From: Wietse Venema <wietse@porcupine.org>
Date: Tue, 7 Mar 2006 05:00:00 +0000 (-0500)
Subject: postfix-2.3-20060307
X-Git-Tag: v2.3-RC1~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ea1256ce8bd6e745f3e5986b1b75c47b99595fd;p=thirdparty%2Fpostfix.git

postfix-2.3-20060307
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 27159b2bd..068783367 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11979,8 +11979,9 @@ Apologies for any names omitted.
 
 20060204
 
-	Bugfix: disable content_inspection for "sendmail -bv"
-	probes.  File: *qmgr/qmgr_message.c.
+	Bugfix: disable the content_filter feature for user-requested
+	"sendmail -bv" probes, just like it is disabled for probes
+	generated by Postfix itself.  File: *qmgr/qmgr_message.c.
 
 20060207
 
@@ -12000,9 +12001,36 @@ Apologies for any names omitted.
 	of waiting for another 100 seconds. This allows the processes
 	to refresh more frequently on low-traffic systems.
 
+	Cleanup: smtpd_delay_open_until_valid_rcpt (default: yes)
+	controls whether Postfix delays the start of a mail transaction
+	until after the first valid recipient, or if it starts a
+	transaction immediately after MAIL FROM. File: smtpd/smtpd.c.
+
+20060217
+
+	Bugfix: don't terminate with a non-standard exit status
+	when the pipe-to-command feature has a problem before it
+	executes the command. File: global/pipe_command.c.
+
+20060223
+
+	Bugfix: detect integer overflow when multiplying time values
+	with non-trivial time units. File: global/conv_time.c.
+
+20060307
+
+	Bugfix: reset the msg_cleanup() fatal error handler in child
+	processes. See also change 20060217. Files: postlock/postlock.c,
+	master/multi_server.c, global/mail_run.c, util/vstream_popen.c.
+
 Wish list:
 
-	Fix XCLIENT/XFORWARD: send xtext and accept old non-xtext.
+	Log DSN original recipient when rejecting mail.
+
+	Keep whitespace between label and ":"?
+
+	Make XCLIENT/XFORWARD future proof: send xtext and accept
+	old non-xtext.
 
 	Make the map case folding/locking options configurable, if
 	not at run-time then at least at compile time so we get
@@ -12016,7 +12044,8 @@ Wish list:
 	do virtual aliasing earlier?
 
 	Investigate what it would take to eliminate oqmgr, and to
-	make the old behavior configurable in a unified queue manager.
+	make the old behavior configurable in a unified queue
+	manager.
 	This would shave another 2.7 KLOC from the source footprint.
 
 	Document the case folding strategy for match_list like features.
diff --git a/postfix/README_FILES/IPV6_README b/postfix/README_FILES/IPV6_README
index ee49675b7..d60b0e5f0 100644
--- a/postfix/README_FILES/IPV6_README
+++ b/postfix/README_FILES/IPV6_README
@@ -107,7 +107,7 @@ configuration work with Postfix.
     smtp_bind_address parameter does for IPv4:
 
         /etc/postfix/main.cf:
-            smtp_bind_address6 = 2001:240:5c7:0:250:56ff:fe89:1
+            smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
 
   * If you left the value of the mynetworks parameter at its default (i.e. no
     mynetworks setting in main.cf) Postfix will figure out by itself what its
@@ -115,14 +115,14 @@ configuration work with Postfix.
 
         % postconf mynetworks
         mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:
-        240:5c7::]/64
+        240:587::]/64
 
     If you did specify the mynetworks parameter value in main.cf, you need
     update the mynetworks value to include the IPv6 networks the system is in.
     Be sure to specify IPv6 address information inside "[]", like this:
 
         /etc/postfix/main.cf:
-            mynetworks = ...IPv4 networks... [::1]/128 [2001:240:5c7::]/64 ...
+            mynetworks = ...IPv4 networks... [::1]/128 [2001:240:587::]/64 ...
 
 NNOOTTEE:: wwhheenn ccoonnffiigguurriinngg PPoossttffiixx mmaattcchh lliissttss ssuucchh aass mmyynneettwwoorrkkss oorr
 ddeebbuugg__ppeeeerr__lliisstt,, yyoouu mmuusstt ssppeecciiffyy IIPPvv66 aaddddrreessss iinnffoorrmmaattiioonn iinnssiiddee ""[[]]"" iinn tthhee
@@ -226,7 +226,7 @@ Getting Postfix IPv6 working on other platforms involves the following steps:
         168.100.189.2/255.255.255.224
         127.0.0.1/255.0.0.0
         fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
-        2001:240:5c7:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
+        2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
         fe80:5::1/ffff:ffff:ffff:ffff::
         ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 
diff --git a/postfix/README_FILES/SCHEDULER_README b/postfix/README_FILES/SCHEDULER_README
index ec924e906..f94581196 100644
--- a/postfix/README_FILES/SCHEDULER_README
+++ b/postfix/README_FILES/SCHEDULER_README
@@ -43,7 +43,7 @@ how next message is chosen when delivery agent becomes available. You already
 know that oqmgr(8) uses round-robin by destination while qmgr(8) uses simple
 FIFO, except for some preemptive magic. The postconf(5) manual documents all
 the knobs the user can use to control this preemptive magic - there is nothing
-else to the preemption than the quite simple conditions described below.
+else to the preemption than the quite simple conditions described in there.
 
 As for programmer-level documentation, this will have to be extracted from all
 those emails we have exchanged with Wietse [rats! I hoped that Patrik would do
diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README
index e04902637..f0c63f915 100644
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -31,14 +31,14 @@ This document describes the following topics:
   * Configuring the Postfix SMTP pass-through proxy feature
   * Configuration parameters
   * How Postfix talks to the before-queue content filter
-  * Transparency
 
 PPrriinncciipplleess ooff ooppeerraattiioonn
 
-The before-filter Postfix SMTP server receives mail from the Internet and does
-the usual relay access control, SASL authentication, RBL lookups, rejecting
-non-existent sender or recipient addresses, etc. The before-queue filter
-receives unfiltered mail content from Postfix and does one of the following:
+The before-filter Postfix SMTP server accepts connections from the Internet and
+does the usual relay access control, SASL authentication, TLS negotiation, RBL
+lookups, rejecting non-existent sender or recipient addresses, etc. The before-
+queue filter receives unfiltered mail content from Postfix and does one of the
+following:
 
  1. Re-inject the mail back into Postfix via SMTP, perhaps after changing its
     content and/or destination.
@@ -193,49 +193,18 @@ Postfix speaks ESMTP but uses no command pipelining. Postfix generates its own
 EHLO, XFORWARD (for logging the remote client IP address instead of localhost
 [127.0.0.1]), DATA and QUIT commands, and forwards unmodified copies of all the
 MAIL FROM and RCPT TO commands that the before-filter Postfix SMTP server
-didn't reject itself. The SMTP proxy server should accept the same MAIL FROM
-and RCPT TO command syntax as the Postfix SMTP server. Postfix sends no other
-SMTP commands.
-
-The content filter is expected to pass on unmodified SMTP commands from a
-before-filter Postfix SMTP server to an after-filter Postfix SMTP server that
-usually listens on a non-standard port. When the filter rejects content, it
-should send a negative SMTP response back to the before-filter Postfix SMTP
-server, and it should abort the connection with the after-filter Postfix SMTP
-server without completing the SMTP conversation with the after-filter Postfix
-SMTP server.
-
-More detail on the postfix-to-proxy interaction is in the section titled
-"Transparency".
-
-TTrraannssppaarreennccyy
-
-The before-filter Postfix SMTP server forwards the MAIL FROM, RCPT TO and DATA
-commands that it has approved, but it does not forward other commands such as
-TLS or SASL commands. It can therefore not be transparent.
-
-The real-time content filter, on the other hand, has to be transparent. In
-order to support non-transparent real-time content filters, Postfix would have
-to reconcile the before-filter Postfix ESMTP feature set with the feature set
-that Postfix receives from the real-time content filter.
-
-  * When a future Postfix version supports DSN, but the content filter does not
-    announce DSN support in the EHLO reply, then the before-filter SMTP server
-    would have to either 1) suppress the DSN feature in its EHLO announcement,
-    or 2) duplicate all the work that needs to be done when delivering DSN-
-    aware mail to a non-DSN destination.
-
-  * When the content filter does not announce 8BITMIME support in the EHLO
-    reply, then the before-filter SMTP server would have to either 1) suppress
-    the 8BITMIME feature in its EHLO announcement, or 2) convert the content to
-    quoted-printable before giving it to the content filter.
-
-  * Performance: when Postfix has to suppress elements from the before-filter
-    EHLO reply because they are incompatible with the real-time content filter,
-    then Postfix has to connect to the content filter as soon as the client
-    sends a valid EHLO command. This wastes a lot of resources when all the
-    MAIL FROM or RCPT TO commands are rejected.
-
-Therefore, the Postfix SMTP server cannot be transparent with respect to the
-before-queue content filter.
+didn't reject itself. Postfix sends no other SMTP commands.
+
+The content filter should accept the same MAIL FROM and RCPT TO command syntax
+as the before-filter Postfix SMTP server, and should forward the commands
+without modification to the after-filter SMTP server. If the content filter or
+after-filter SMTP server does not support all the ESMTP features that the
+before-filter Postfix SMTP server supports, then the missing features must be
+turned off in the before-filter Postfix SMTP server with the
+smtpd_discard_ehlo_keywords parameter.
+
+When the filter rejects content, it should send a negative SMTP response back
+to the before-filter Postfix SMTP server, and it should abort the connection
+with the after-filter Postfix SMTP server without completing the SMTP
+conversation with the after-filter Postfix SMTP server.
 
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index c1d290724..ba9fb6d10 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -68,9 +68,10 @@ To build Postfix with TLS support, first we need to generate the make(1) files
 with the necessary definitions. This is done by invoking the command "make
 makefiles" in the Postfix top-level directory and with arguments as shown next.
 
-NNOOTTEE:: DDoo nnoott uussee GGnnuu TTLLSS.. IItt wwiillll ssppoonnttaanneeoouussllyy tteerrmmiinnaattee aa pprroocceessss wwiitthh eexxiitt
-ssttaattuuss ccooddee 22,, iinnsstteeaadd ooff pprrooppeerrllyy rreeppoorrttiinngg pprroobblleemmss ttoo PPoossttffiixx,, ssoo tthhaatt iitt
-ccaann lloogg tthheemm ttoo tthhee mmaaiilllloogg ffiillee..
+NNOOTTEE:: DDoo nnoott uussee GGnnuu TTLLSS.. IItt wwiillll ssppoonnttaanneeoouussllyy tteerrmmiinnaattee aa PPoossttffiixx ddaaeemmoonn
+pprroocceessss wwiitthh eexxiitt ssttaattuuss ccooddee 22,, iinnsstteeaadd ooff aalllloowwiinngg PPoossttffiixx ttoo 11)) rreeppoorrtt tthhee
+eerrrroorr ttoo tthhee mmaaiilllloogg ffiillee,, aanndd ttoo 22)) pprroovviiddee ppllaaiinntteexxtt sseerrvviiccee wwhheerree tthhiiss iiss
+aapppprroopprriiaattee..
 
   * If the OpenSSL include files (such as ssl.h) are in directory /usr/include/
     openssl, and the OpenSSL libraries (such as libssl.so and libcrypto.so) are
@@ -815,11 +816,11 @@ Example:
         # relayhost exact nexthop match
         [msa.example.net]:587       MUST
 
-        # example.org (as nexthop) has MX hosts with broken TLS.
+        # TLS should not be used with the example.org MX hosts.
         example.org                 NONE
 
-        # Except for (as host) mx1.example.org which works.
-        mx1.example.org             MAY
+        # TLS should not be used with the host smtp.example.com.
+        smtp.example.com             NONE
 
 DDiissccoovveerriinngg sseerrvveerrss tthhaatt ssuuppppoorrtt TTLLSS
 
diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html
index cce966534..0193491e9 100644
--- a/postfix/html/IPV6_README.html
+++ b/postfix/html/IPV6_README.html
@@ -83,7 +83,7 @@ IPv6 support to other environments.  </p>
 
 <h2><a name="configuration">Configuration</a></h2>
 
-<p> Postfix IPv6 support introduces two new main.cf configuration
+<p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration
 parameters, and introduces an important change in address syntax
 notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or
 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p>
@@ -98,8 +98,8 @@ related configuration work with Postfix.  </p>
 <ul>
 
 <li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses
-in master.cf, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in main.cf.
-This way you can use the same master.cf file regardless of whether
+in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>.
+This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether
 or not Postfix will run on an IPv6-enabled system. </p>
 
 <li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>.  This
@@ -109,7 +109,7 @@ will use when it makes network connections.  </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
     # You must stop/start Postfix after changing this parameter.
     <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4       (DEFAULT: enable IPv4 only)
     <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all        (enable IPv4, and IPv6 if supported)
@@ -162,32 +162,32 @@ does for IPv4: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
-    <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:5c7:0:250:56ff:fe89:1
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1
 </pre>
 </blockquote>
 
 <li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its
-default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in main.cf) Postfix will figure
+default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure
 out by itself what its network addresses are. This is what a typical
 setting looks like: </p>
 
 <blockquote>
 <pre>
 % postconf <a href="postconf.5.html#mynetworks">mynetworks</a>
-<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:5c7::]/64 
+<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 
 </pre>
 </blockquote>
 
 <p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in
-main.cf, you need update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include
+<a href="postconf.5.html">main.cf</a>, you need update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include
 the IPv6 networks the system is in. Be sure to specify IPv6 address
 information inside "<tt>[]</tt>", like this: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/main.cf:
-    <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:5c7::]/64 ...
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
 </pre>
 </blockquote>
 
@@ -195,7 +195,7 @@ information inside "<tt>[]</tt>", like this: </p>
 
 <p> <b> NOTE: when configuring Postfix match lists such as
 <a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify
-IPv6 address information inside "<tt>[]</tt>" in the main.cf parameter
+IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter
 value and in files specified with a "<i>/file/name</i>" pattern.
 IPv6 addresses contain the ":" character, and would otherwise be
 confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b>  </p>
@@ -220,7 +220,7 @@ same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetwork
 subnet mask
 and always assumes a /128 network. This is a problem only with
 "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a>
-setting in main.cf. </p>
+setting in <a href="postconf.5.html">main.cf</a>. </p>
 
 </ul>
 
@@ -232,22 +232,22 @@ by Dean Strik and others, but differs in a few minor ways. </p>
 
 <ul>
 
-<li> <p> main.cf: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support
+<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support
 the notation  "ipv6:all" or "ipv4:all". Use the
 <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p>
 
-<li> <p> main.cf: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or
+<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or
 "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4
 and IPv6 support. </p>
 
-<li> <p> main.cf: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls
+<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls
 what DNS lookups Postfix will attempt to make when delivering or
 receiving mail. </p>
 
-<li> <p> main.cf: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only"
+<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only"
 to listen on loopback network interfaces only. </p>
 
-<li> <p> The lmtp_bind_address and lmtp_bind_address6
+<li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a>
 features were omitted. The Postfix LMTP client will be absorbed
 into the SMTP client, so there is no reason to keep adding features
 to the LMTP client. </p>
@@ -334,7 +334,7 @@ and network masks, for example: </p>
 168.100.189.2/255.255.255.224
 127.0.0.1/255.0.0.0
 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
-2001:240:5c7:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
+2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
 fe80:5::1/ffff:ffff:ffff:ffff::
 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </pre>
diff --git a/postfix/html/SCHEDULER_README.html b/postfix/html/SCHEDULER_README.html
index d2a0973f0..25f56a51a 100644
--- a/postfix/html/SCHEDULER_README.html
+++ b/postfix/html/SCHEDULER_README.html
@@ -68,7 +68,7 @@ available.  You already know that <a href="qmgr.8.html">oqmgr(8)</a> uses round-
 while <a href="qmgr.8.html">qmgr(8)</a> uses simple FIFO, except for some preemptive magic.
 The <a href="postconf.5.html">postconf(5)</a> manual documents all the knobs the user
 can use to control this preemptive magic - there is nothing else
-to the preemption than the quite simple conditions described below.
+to the preemption than the quite simple conditions described in there.
 </p>
 
 <p> As for programmer-level documentation, this will have to be
diff --git a/postfix/html/SMTPD_PROXY_README.html b/postfix/html/SMTPD_PROXY_README.html
index 1cca5e59d..646ddca7d 100644
--- a/postfix/html/SMTPD_PROXY_README.html
+++ b/postfix/html/SMTPD_PROXY_README.html
@@ -102,14 +102,13 @@ proxy feature</a>
 <li><a href="#protocol">How Postfix talks to the before-queue content
 filter</a>
 
-<li><a href="#transparency">Transparency</a>
-
 </ul>
 
 <h2><a name="principles">Principles of operation</a></h2>
 
-<p> The before-filter Postfix SMTP server receives mail from the
+<p> The before-filter Postfix SMTP server accepts connections from the
 Internet and does the usual relay access control, SASL authentication,
+TLS negotiation,
 RBL lookups, rejecting non-existent sender or recipient addresses,
 etc.  The before-queue filter receives unfiltered mail content from
 Postfix and does one of the following:  </p>
@@ -346,62 +345,24 @@ pipelining.  Postfix generates its own EHLO, XFORWARD (for logging
 the remote client IP address instead of localhost[127.0.0.1]), DATA
 and QUIT commands, and forwards unmodified copies of all the MAIL
 FROM and RCPT TO commands that the before-filter Postfix SMTP server
-didn't reject itself.  The SMTP proxy server should accept the same
-MAIL FROM and RCPT TO command syntax as the Postfix SMTP server.
+didn't reject itself.
 Postfix sends no other SMTP commands. </p>
 
-<p> The content filter is expected to pass on unmodified SMTP
-commands from a before-filter Postfix SMTP server to an after-filter
-Postfix SMTP server that usually listens on a non-standard port.
-When the filter rejects content, it should send a negative SMTP
+<p> The content filter should accept the same MAIL FROM and RCPT
+TO command syntax as the before-filter Postfix SMTP server, and
+should forward the commands without modification to the after-filter
+SMTP server.  If the content filter or after-filter SMTP server
+does not support all the ESMTP features that the before-filter
+Postfix SMTP server supports, then the missing features must be
+turned off in the before-filter Postfix SMTP server with the
+<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> parameter. </p>
+
+<p> When the filter rejects content, it should send a negative SMTP
 response back to the before-filter Postfix SMTP server, and it
 should abort the connection with the after-filter Postfix SMTP
 server without completing the SMTP conversation with the after-filter
 Postfix SMTP server. </p>
 
-<p> More detail on the postfix-to-proxy interaction is in the
-section titled "<a href="#transparency">Transparency</a>". </p>
-
-<h2><a name="transparency">Transparency</a></h2>
-
-<p> The before-filter Postfix SMTP server forwards the MAIL FROM,
-RCPT TO and DATA commands that it has approved, but it does not
-forward other commands such as TLS or SASL commands.  It can
-therefore not be transparent. </p>
-
-<p> The real-time content filter, on the other hand, has to be
-transparent.  In order to support non-transparent real-time content
-filters, Postfix would have to reconcile the before-filter Postfix
-ESMTP feature set with the feature set that Postfix receives from
-the real-time content filter. </p>
-
-<ul>
-
-    <li> <p> When a future Postfix version supports DSN, but the
-    content filter does not announce DSN support in the EHLO reply,
-    then the before-filter SMTP server would have to either 1)
-    suppress the DSN feature in its EHLO announcement, or 2)
-    duplicate all the work that needs to be done when delivering
-    DSN-aware mail to a non-DSN destination. </p>
-
-    <li> <p> When the content filter does not announce 8BITMIME
-    support in the EHLO reply, then the before-filter SMTP server
-    would have to either 1) suppress the 8BITMIME feature in its
-    EHLO announcement, or 2) convert the content to quoted-printable
-    before giving it to the content filter. </p>
-
-    <li> <p> Performance: when Postfix has to suppress elements
-    from the before-filter EHLO reply because they are incompatible
-    with the real-time content filter, then Postfix has to connect
-    to the content filter as soon as the client sends a valid EHLO
-    command.  This wastes a lot of resources when all the MAIL FROM
-    or RCPT TO commands are rejected. </p>
-
-</ul>
-
-<p> Therefore, the Postfix SMTP server cannot be transparent with
-respect to the before-queue content filter. </p>
-
 </body>
 
 </html>
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index c975669b1..c7600071b 100644
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -130,9 +130,9 @@ done by invoking the command "<tt>make makefiles</tt>" in the Postfix
 top-level directory and with arguments as shown next. </p>
 
 <p> <b> NOTE: Do not use Gnu TLS.  It will spontaneously terminate
-a process with exit status code 2, instead of properly reporting
-problems to Postfix, so that it can log them to the maillog file.
-</b> </p>
+a Postfix daemon process with exit status code 2, instead of allowing
+Postfix to 1) report the error to the maillog file, and to 2) provide
+plaintext service where this is appropriate.  </b> </p>
 
 <ul>
 
@@ -1203,11 +1203,11 @@ verification. This feature requires Postfix 2.2.9 or later.  </p>
     # <a href="postconf.5.html#relayhost">relayhost</a> exact nexthop match
     [msa.example.net]:587       MUST
 
-    # example.org (as nexthop) has MX hosts with broken TLS.
+    # TLS should not be used with the <i>example.org</i> MX hosts.
     example.org                 NONE
 
-    # Except for (as host) mx1.example.org which works.
-    mx1.example.org             MAY
+    # TLS should not be used with the host <i>smtp.example.com</i>.
+    smtp.example.com             NONE
 </pre>
 </blockquote>
 
diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html
index 254f5d0d1..ef9d1cf53 100644
--- a/postfix/html/ldap_table.5.html
+++ b/postfix/html/ldap_table.5.html
@@ -23,11 +23,11 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
        databases.
 
        In order to use LDAP lookups, define an LDAP source  as  a
-       lookup table in main.cf, for example:
+       lookup table in <a href="postconf.5.html">main.cf</a>, for example:
            <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
 
        The  file /etc/postfix/ldap-aliases.cf has the same format
-       as the Postfix main.cf file, and can specify  the  parame-
+       as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify  the  parame-
        ters  described  below.  An example is given at the end of
        this manual.
 
@@ -40,24 +40,24 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
 
 <b>BACKWARDS COMPATIBILITY</b>
        For  backwards  compatibility with Postfix version 2.0 and
-       earlier, LDAP parameters can also be defined  in  main.cf.
+       earlier, LDAP parameters can also be defined  in  <a href="postconf.5.html">main.cf</a>.
        Specify  as  LDAP  source a name that doesn't begin with a
        slash or a dot.  The LDAP parameters will then be accessi-
        ble as the name you've given the source in its definition,
        an underscore, and the name of the parameter.   For  exam-
        ple,  if  the  map  is specified as "<a href="ldap_table.5.html">ldap</a>:<i>ldapsource</i>", the
-       "server_host" parameter below would be defined in  main.cf
+       "server_host" parameter below would be defined in  <a href="postconf.5.html">main.cf</a>
        as "<i>ldapsource</i>_server_host".
 
        Note:  with  this form, the passwords for the LDAP sources
-       are written in main.cf, which is normally  world-readable.
+       are written in <a href="postconf.5.html">main.cf</a>, which is normally  world-readable.
        Support  for this form will be removed in a future Postfix
        version.
 
        Postfix 2.2 has enhanced query interfaces  for  MySQL  and
-       PostgreSQL,  these  now include features previously avail-
-       able only in the Postfix LDAP client. This work also  cre-
-       ated  an  opportunity  for improvements in the LDAP inter-
+       PostgreSQL.   These  include features that were previously
+       available only in the Postfix LDAP client. This work  also
+       created an opportunity for improvements in the LDAP inter-
        face. The primary compatibility issue is that  <b>result_fil-</b>
        <b>ter</b> (a name that has caused some confusion as to its mean-
        ing in the past) has been renamed to  <b>result_format</b>.   For
@@ -376,9 +376,9 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
               you have to use this, you probably want to make the
               map configuration file readable only by the Postfix
               user.  When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
-              tax, with map parameters in main.cf, it is not pos-
+              tax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is not pos-
               sible  to securely store the bind password. This is
-              because main.cf needs to be world readable to allow
+              because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow
               local accounts to submit mail via the sendmail com-
               mand. Example:
                   bind_pw = postfixpw
@@ -469,7 +469,7 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
            version = 3
 
        If any of the Postfix programs querying the map is config-
-       ured  in  master.cf  to run chrooted, all the certificates
+       ured  in  <a href="master.5.html">master.cf</a>  to run chrooted, all the certificates
        and keys involved have to be copied to the chroot jail. Of
        course,  the  private  keys should only be readable by the
        user "postfix".
@@ -529,7 +529,7 @@ LDAP_TABLE(5)                                                    LDAP_TABLE(5)
 
 <b>EXAMPLE</b>
        Here's  a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
-       aliases.  Assume that in main.cf, you have:
+       aliases.  Assume that in <a href="postconf.5.html">main.cf</a>, you have:
            <a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
                <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index cd0987131..dc29a2614 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -4946,7 +4946,7 @@ and would otherwise be confused with a "<a href="DATABASE_README.html">type:tabl
 <pre>
 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
 <a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
-<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64
+<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
 <a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
 <a href="postconf.5.html#mynetworks">mynetworks</a> = hash:/etc/postfix/network_table
 </pre>
@@ -8354,6 +8354,25 @@ Examples:
 </pre>
 
 
+</DD>
+
+<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a>
+(default: yes)</b></DT><DD>
+
+<p> Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received. Specify "smtpd_delay_open_until_rcpt =
+yes" to create a mail transaction as soon as the SMTP server receives
+a valid MAIL FROM command. </p>
+
+<p> Postponing the start of a mail transaction reduces the use of
+disk, CPU and memory resources. The downside is that rejected
+recipients are logged with NOQUEUE instead of a mail transaction
+ID. This complicates the logfile analysis of multi-recipient mail.
+</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
 </DD>
 
 <DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a>
diff --git a/postfix/html/postlock.1.html b/postfix/html/postlock.1.html
index 6ea837b18..dd39dc865 100644
--- a/postfix/html/postlock.1.html
+++ b/postfix/html/postlock.1.html
@@ -21,7 +21,7 @@ POSTLOCK(1)                                                        POSTLOCK(1)
        Options:
 
        <b>-c</b> <i>config</i><b>_</b><i>dir</i>
-              Read  the  <b>main.cf</b>  configuration file in the named
+              Read  the  <a href="postconf.5.html"><b>main.cf</b></a>  configuration file in the named
               directory  instead  of  the  default  configuration
               directory.
 
@@ -63,7 +63,7 @@ POSTLOCK(1)                                                        POSTLOCK(1)
               Enable verbose logging for debugging purposes.
 
 <b>CONFIGURATION PARAMETERS</b>
-       The  following  <b>main.cf</b> parameters are especially relevant
+       The  following  <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
        to this program.  The text below provides only a parameter
        summary.  See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
        ples.
@@ -96,8 +96,8 @@ POSTLOCK(1)                                                        POSTLOCK(1)
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The default location of  the  Postfix  main.cf  and
-              master.cf configuration files.
+              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
+              <a href="master.5.html">master.cf</a> configuration files.
 
 <b>SEE ALSO</b>
        <a href="postconf.5.html">postconf(5)</a>, configuration parameters
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index 4920b951f..0f2ebcd47 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -126,46 +126,50 @@ SMTPD(8)                                                              SMTPD(8)
               will not send in the EHLO response to a remote SMTP
               client.
 
+       <b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b>
+              Postpone the start  of  an  SMTP  mail  transaction
+              until a valid RCPT TO command is received.
+
 <b>ADDRESS REWRITING CONTROLS</b>
-       See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for  a  detailed
+       See  the  <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
        discussion of Postfix address rewriting.
 
        <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
-              Enable  or  disable  recipient validation, built-in
+              Enable or disable  recipient  validation,  built-in
               content filtering, or address mapping.
 
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
               Rewrite message header addresses in mail from these
-              clients  and  update  incomplete addresses with the
+              clients and update incomplete  addresses  with  the
               domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
-              rewrite  message headers from other clients at all,
-              or rewrite message headers  and  update  incomplete
-              addresses   with   the   domain  specified  in  the
+              rewrite message headers from other clients at  all,
+              or  rewrite  message  headers and update incomplete
+              addresses  with  the  domain   specified   in   the
               <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
 
 <b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
-       As of version 1.0, Postfix can be configured to  send  new
-       mail  to  an  external  content  filter  AFTER the mail is
-       queued. This content filter is  expected  to  inject  mail
-       back  into  a (Postfix or other) MTA for further delivery.
+       As  of  version 1.0, Postfix can be configured to send new
+       mail to an external  content  filter  AFTER  the  mail  is
+       queued.  This  content  filter  is expected to inject mail
+       back into a (Postfix or other) MTA for  further  delivery.
        See the <a href="FILTER_README.html">FILTER_README</a> document for details.
 
        <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
-              The name of a mail delivery transport that  filters
+              The  name of a mail delivery transport that filters
               mail after it is queued.
 
 <b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
-       As  of version 2.1, the Postfix SMTP server can be config-
-       ured to send incoming mail to a real-time SMTP-based  con-
+       As of version 2.1, the Postfix SMTP server can be  config-
+       ured  to send incoming mail to a real-time SMTP-based con-
        tent filter BEFORE mail is queued.  This content filter is
-       expected to  inject  mail  back  into  Postfix.   See  the
-       <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>  document for details on how to config-
+       expected  to  inject  mail  back  into  Postfix.   See the
+       <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to  config-
        ure and operate this feature.
 
        <b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
-              The hostname and TCP port  of  the  mail  filtering
+              The  hostname  and  TCP  port of the mail filtering
               proxy server.
 
        <b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
@@ -177,167 +181,167 @@ SMTPD(8)                                                              SMTPD(8)
               for sending or receiving information.
 
 <b>GENERAL CONTENT INSPECTION CONTROLS</b>
-       The  following parameters are applicable for both built-in
+       The following parameters are applicable for both  built-in
        and external content filters.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
-              Enable or disable  recipient  validation,  built-in
+              Enable  or  disable  recipient validation, built-in
               content filtering, or address mapping.
 
 <b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
-       The  following  parameters are applicable for both before-
+       The following parameters are applicable for  both  before-
        queue and after-queue content filtering.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
-              What SMTP clients are allowed to use  the  XFORWARD
+              What  SMTP  clients are allowed to use the XFORWARD
               feature.
 
 <b>SASL AUTHENTICATION CONTROLS</b>
-       Postfix  SASL  support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
-       cate remote SMTP clients to the Postfix SMTP  server,  and
-       to  authenticate  the Postfix SMTP client to a remote SMTP
+       Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used  to  authenti-
+       cate  remote  SMTP clients to the Postfix SMTP server, and
+       to authenticate the Postfix SMTP client to a  remote  SMTP
        server.  See the <a href="SASL_README.html">SASL_README</a> document for details.
 
        <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
-              Enable inter-operability  with  SMTP  clients  that
-              implement  an  obsolete version of the AUTH command
+              Enable  inter-operability  with  SMTP  clients that
+              implement an obsolete version of the  AUTH  command
               (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
 
        <b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
-              Enable SASL  authentication  in  the  Postfix  SMTP
+              Enable  SASL  authentication  in  the  Postfix SMTP
               server.
 
        <b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
               The name of the local SASL authentication realm.
 
        <b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
-              SASL  security  options; as of Postfix 2.3 the list
-              of available features depends on  the  SASL  server
-              implementation     that     is     selected    with
+              SASL security options; as of Postfix 2.3  the  list
+              of  available  features  depends on the SASL server
+              implementation    that     is     selected     with
               <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
 
        <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
-              Optional lookup table with  the  SASL  login  names
+              Optional  lookup  table  with  the SASL login names
               that own sender (MAIL FROM) addresses.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
-              What  SMTP clients Postfix will not offer AUTH sup-
+              What SMTP clients Postfix will not offer AUTH  sup-
               port to.
 
        Available in Postfix version 2.3 and later:
 
        <b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
-              Report the SASL  authenticated  user  name  in  the
+              Report  the  SASL  authenticated  user  name in the
               <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
 
        <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
-              Implementation-specific  information that is passed
-              through to the SASL plug-in implementation that  is
+              Implementation-specific information that is  passed
+              through  to the SASL plug-in implementation that is
               selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
 
        <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
-              The  SASL plug-in type that the Postfix SMTP server
+              The SASL plug-in type that the Postfix SMTP  server
               should use for authentication.
 
 <b>STARTTLS SUPPORT CONTROLS</b>
-       Detailed information about STARTTLS configuration  may  be
+       Detailed  information  about STARTTLS configuration may be
        found in the <a href="TLS_README.html">TLS_README</a> document.
 
        <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
-              Opportunistic  mode:  announce  STARTTLS support to
-              SMTP clients, but do not require that  clients  use
+              Opportunistic mode: announce  STARTTLS  support  to
+              SMTP  clients,  but do not require that clients use
               TLS encryption.
 
        <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
               Enforcement mode: announce STARTTLS support to SMTP
-              clients, and require that clients use  TLS  encryp-
+              clients,  and  require that clients use TLS encryp-
               tion.
 
        <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>         ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
        <b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
-              The  SASL  authentication security options that the
-              Postfix SMTP server uses  for  TLS  encrypted  SMTP
+              The SASL authentication security options  that  the
+              Postfix  SMTP  server  uses  for TLS encrypted SMTP
               sessions.
 
        <b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (300s)</b>
-              The  time  limit  for Postfix SMTP server write and
-              read operations during  TLS  startup  and  shutdown
+              The time limit for Postfix SMTP  server  write  and
+              read  operations  during  TLS  startup and shutdown
               handshake procedures.
 
        <b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
-              The  file with the certificate of the certification
-              authority (CA) that issued the Postfix SMTP  server
+              The file with the certificate of the  certification
+              authority  (CA) that issued the Postfix SMTP server
               certificate.
 
        <b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
-              The  file with the certificate of the certification
-              authority (CA) that issued the Postfix SMTP  server
+              The file with the certificate of the  certification
+              authority  (CA) that issued the Postfix SMTP server
               certificate.
 
        <b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
-              Ask  a remote SMTP client for a client certificate.
+              Ask a remote SMTP client for a client  certificate.
 
        <b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
               When TLS encryption is optional in the Postfix SMTP
-              server,  do not announce or accept SASL authentica-
+              server, do not announce or accept SASL  authentica-
               tion over unencrypted connections.
 
        <b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (5)</b>
-              The verification depth for remote SMTP client  cer-
+              The  verification depth for remote SMTP client cer-
               tificates.
 
        <b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
-              File  with  the Postfix SMTP server RSA certificate
+              File with the Postfix SMTP server  RSA  certificate
               in PEM format.
 
        <b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
-              Controls the Postfix SMTP server TLS cipher  selec-
+              Controls  the Postfix SMTP server TLS cipher selec-
               tion scheme.
 
        <b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
-              File  with  the Postfix SMTP server DSA certificate
+              File with the Postfix SMTP server  DSA  certificate
               in PEM format.
 
        <b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
-              File with  DH  parameters  that  the  Postfix  SMTP
+              File  with  DH  parameters  that  the  Postfix SMTP
               server should use with EDH ciphers.
 
        <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
-              File  with  DH  parameters  that  the  Postfix SMTP
+              File with  DH  parameters  that  the  Postfix  SMTP
               server should use with EDH ciphers.
 
        <b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
-              File with the Postfix SMTP server DSA  private  key
+              File  with  the Postfix SMTP server DSA private key
               in PEM format.
 
        <b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
-              File  with  the Postfix SMTP server RSA private key
+              File with the Postfix SMTP server RSA  private  key
               in PEM format.
 
        <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
-              Enable additional Postfix SMTP  server  logging  of
+              Enable  additional  Postfix  SMTP server logging of
               TLS activity.
 
        <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
               Request  that  the  Postfix  SMTP  server  produces
               Received:  message headers that include information
-              about  the protocol and cipher used, as well as the
-              client CommonName  and  client  certificate  issuer
+              about the protocol and cipher used, as well as  the
+              client  CommonName  and  client  certificate issuer
               CommonName.
 
        <b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
-              When  TLS  encryption is enforced, require a remote
-              SMTP client certificate in order to allow TLS  con-
+              When TLS encryption is enforced, require  a  remote
+              SMTP  client certificate in order to allow TLS con-
               nections to proceed.
 
        <b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
-              Name  of  the  file containing the optional Postfix
+              Name of the file containing  the  optional  Postfix
               SMTP server TLS session cache.
 
        <b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
@@ -345,70 +349,70 @@ SMTPD(8)                                                              SMTPD(8)
               sion cache information.
 
        <b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
-              Run  the  Postfix  SMTP  server in the non-standard
-              "wrapper" mode, instead of using the STARTTLS  com-
+              Run the Postfix SMTP  server  in  the  non-standard
+              "wrapper"  mode, instead of using the STARTTLS com-
               mand.
 
        <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
-              The  number  of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
-              or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process  requests  from  the  <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
-              server  in order to seed its internal pseudo random
+              The number of pseudo-random bytes that  an  <a href="smtp.8.html"><b>smtp</b>(8)</a>
+              or  <a href="smtpd.8.html"><b>smtpd</b>(8)</a>  process  requests  from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+              server in order to seed its internal pseudo  random
               number generator (PRNG).
 
 <b>VERP SUPPORT CONTROLS</b>
-       With VERP style delivery,  each  recipient  of  a  message
+       With  VERP  style  delivery,  each  recipient of a message
        receives a customized copy of the message with his/her own
-       recipient address encoded in the envelope sender  address.
+       recipient  address encoded in the envelope sender address.
        The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
-       details of Postfix support for  variable  envelope  return
+       details  of  Postfix  support for variable envelope return
        path addresses.  VERP style delivery is requested with the
-       SMTP XVERP command or with the "sendmail -V"  command-line
-       option  and is available in Postfix version 1.1 and later.
+       SMTP  XVERP command or with the "sendmail -V" command-line
+       option and is available in Postfix version 1.1 and  later.
 
        <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
               The two default VERP delimiter characters.
 
        <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
-              The characters Postfix accepts  as  VERP  delimiter
-              characters  on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+              The  characters  Postfix  accepts as VERP delimiter
+              characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command  line
               and in SMTP commands.
 
        Available in Postfix version 1.1 and 2.0:
 
        <b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
-              What SMTP clients are allowed to specify the  XVERP
+              What  SMTP clients are allowed to specify the XVERP
               command.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
-              What  SMTP clients are allowed to specify the XVERP
+              What SMTP clients are allowed to specify the  XVERP
               command.
 
 <b>TROUBLE SHOOTING CONTROLS</b>
-       The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts  of
-       the  Postfix mail system. The methods vary from making the
-       software log a lot of detail, to running some daemon  pro-
+       The  <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
+       the Postfix mail system. The methods vary from making  the
+       software  log a lot of detail, to running some daemon pro-
        cesses under control of a call tracer or debugger.
 
        <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
-              The  increment  in  verbose  logging  level  when a
-              remote client or server matches a  pattern  in  the
+              The increment  in  verbose  logging  level  when  a
+              remote  client  or  server matches a pattern in the
               <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
 
        <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
-              Optional  list  of remote client or server hostname
-              or network address patterns that cause the  verbose
-              logging  level  to increase by the amount specified
+              Optional list of remote client or  server  hostname
+              or  network address patterns that cause the verbose
+              logging level to increase by the  amount  specified
               in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
 
        <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
-              The recipient  of  postmaster  notifications  about
-              mail  delivery  problems that are caused by policy,
+              The  recipient  of  postmaster  notifications about
+              mail delivery problems that are caused  by  policy,
               resource, software or protocol errors.
 
        <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
-              The list of error classes that are reported to  the
+              The  list of error classes that are reported to the
               postmaster.
 
        <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
@@ -418,22 +422,22 @@ SMTPD(8)                                                              SMTPD(8)
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
-              What SMTP clients are allowed to  use  the  XCLIENT
+              What  SMTP  clients  are allowed to use the XCLIENT
               feature.
 
 <b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
-       As  of  Postfix  version 2.0, the SMTP server rejects mail
-       for unknown recipients. This prevents the mail queue  from
-       clogging  up  with  undeliverable  MAILER-DAEMON messages.
-       Additional  information  on   this   topic   is   in   the
+       As of Postfix version 2.0, the SMTP  server  rejects  mail
+       for  unknown recipients. This prevents the mail queue from
+       clogging up  with  undeliverable  MAILER-DAEMON  messages.
+       Additional   information   on   this   topic   is  in  the
        <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
 
        <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
-              Display the name of  the  recipient  table  in  the
+              Display  the  name  of  the  recipient table in the
               "User unknown" responses.
 
        <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
-              Optional  address mapping lookup tables for message
+              Optional address mapping lookup tables for  message
               headers and envelopes.
 
        <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
@@ -444,7 +448,7 @@ SMTPD(8)                                                              SMTPD(8)
 
        <b><a href="postconf.5.html#mydestination">mydestination</a>  ($<a href="postconf.5.html#myhostname">myhostname</a>,  localhost.$<a href="postconf.5.html#mydomain">mydomain</a>,  local-</b>
        <b>host)</b>
-              The  list  of  domains  that  are delivered via the
+              The list of domains  that  are  delivered  via  the
               $<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
 
        <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@@ -453,145 +457,145 @@ SMTPD(8)                                                              SMTPD(8)
 
        <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
               The network interface addresses that this mail sys-
-              tem receives mail on by way of a proxy  or  network
+              tem  receives  mail on by way of a proxy or network
               address translation unit.
 
        <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
-              The  Internet protocols Postfix will attempt to use
+              The Internet protocols Postfix will attempt to  use
               when making or accepting connections.
 
        <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>             (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
        <b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
-              Lookup tables with all names or addresses of  local
-              recipients:  a  recipient address is local when its
-              domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>  or
+              Lookup  tables with all names or addresses of local
+              recipients: a recipient address is local  when  its
+              domain  matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
               $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
 
        <b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when   a   recipient   address   is   local,    and
-              $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>  specifies  a  list of lookup
+              The numerical Postfix  SMTP  server  response  code
+              when    a   recipient   address   is   local,   and
+              $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a  list  of  lookup
               tables that does not match the recipient.
 
-       Parameters concerning known/unknown  recipients  of  relay
+       Parameters  concerning  known/unknown  recipients of relay
        destinations:
 
        <b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
-              What  destination  domains (and subdomains thereof)
+              What destination domains (and  subdomains  thereof)
               this system will relay mail to.
 
        <b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
-              Optional lookup tables with all valid addresses  in
+              Optional  lookup tables with all valid addresses in
               the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
 
        <b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
               The numerical Postfix SMTP server reply code when a
-              recipient  address  matches   $<a href="postconf.5.html#relay_domains">relay_domains</a>,   and
-              <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>  specifies  a  list  of lookup
+              recipient   address   matches  $<a href="postconf.5.html#relay_domains">relay_domains</a>,  and
+              <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies  a  list  of  lookup
               tables that does not match the recipient address.
 
-       Parameters concerning known/unknown recipients in  virtual
+       Parameters  concerning known/unknown recipients in virtual
        alias domains:
 
        <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
               Postfix is final destination for the specified list
-              of virtual alias  domains,  that  is,  domains  for
-              which  all  addresses  are  aliased to addresses in
+              of  virtual  alias  domains,  that  is, domains for
+              which all addresses are  aliased  to  addresses  in
               other local or remote domains.
 
        <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
-              Optional lookup tables  that  alias  specific  mail
-              addresses  or  domains  to  other  local  or remote
+              Optional  lookup  tables  that  alias specific mail
+              addresses or  domains  to  other  local  or  remote
               address.
 
        <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
               The SMTP server reply code when a recipient address
-              matches     $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,    and    $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
-              <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of  lookup  tables
+              matches    $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,    and     $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
+              <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a>  specifies  a list of lookup tables
               that does not match the recipient address.
 
-       Parameters  concerning known/unknown recipients in virtual
+       Parameters concerning known/unknown recipients in  virtual
        mailbox domains:
 
        <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
               Postfix is final destination for the specified list
-              of   domains;  mail  is  delivered  via  the  $<a href="postconf.5.html#virtual_transport">vir</a>-
+              of  domains;  mail  is  delivered  via  the   $<a href="postconf.5.html#virtual_transport">vir</a>-
               <a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
 
        <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
-              Optional lookup tables with all valid addresses  in
+              Optional  lookup tables with all valid addresses in
               the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
 
        <b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
               The SMTP server reply code when a recipient address
-              matches   $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,    and    $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
+              matches    $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,    and   $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
               <a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
               that does not match the recipient address.
 
 <b>RESOURCE AND RATE CONTROLS</b>
-       The following parameters limit resource usage by the  SMTP
+       The  following parameters limit resource usage by the SMTP
        server and/or control client request rates.
 
        <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
-              Upon  input,  long lines are chopped up into pieces
-              of at most this length; upon delivery,  long  lines
+              Upon input, long lines are chopped up  into  pieces
+              of  at  most this length; upon delivery, long lines
               are reconstructed.
 
        <b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
-              The  minimal  amount  of free space in bytes in the
+              The minimal amount of free space in  bytes  in  the
               queue file system that is needed to receive mail.
 
        <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
-              The maximal size in bytes of a  message,  including
+              The  maximal  size in bytes of a message, including
               envelope information.
 
        <b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
-              The  maximal  number of recipients that the Postfix
+              The maximal number of recipients that  the  Postfix
               SMTP server accepts per message delivery request.
 
        <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
-              The time limit for sending a  Postfix  SMTP  server
-              response  and  for  receiving  a remote SMTP client
+              The  time  limit  for sending a Postfix SMTP server
+              response and for receiving  a  remote  SMTP  client
               request.
 
        <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
-              The maximal number of lines  in  the  Postfix  SMTP
-              server  command  history  before it is flushed upon
+              The  maximal  number  of  lines in the Postfix SMTP
+              server command history before it  is  flushed  upon
               receipt of EHLO, RSET, or end of DATA.
 
        Available in Postfix version 2.3 and later:
 
        <b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
-              Attempt to look up the SMTP  client  hostname,  and
+              Attempt  to  look  up the SMTP client hostname, and
               verify that the name matches the client IP address.
 
        The per SMTP client connection count and request rate lim-
        its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
-       vice, and are available in Postfix version 2.2 and  later.
+       vice,  and are available in Postfix version 2.2 and later.
 
        <b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
-              How  many  simultaneous  connections  any client is
+              How many simultaneous  connections  any  client  is
               allowed to make to this service.
 
        <b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
               The  maximal  number  of  connection  attempts  any
-              client  is allowed to make to this service per time
+              client is allowed to make to this service per  time
               unit.
 
        <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
-              The maximal number  of  message  delivery  requests
-              that  any client is allowed to make to this service
+              The  maximal  number  of  message delivery requests
+              that any client is allowed to make to this  service
               per time unit, regardless of whether or not Postfix
               actually accepts those messages.
 
        <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
-              The  maximal number of recipient addresses that any
-              client is allowed to send to this service per  time
+              The maximal number of recipient addresses that  any
+              client  is allowed to send to this service per time
               unit, regardless of whether or not Postfix actually
               accepts those recipients.
 
        <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
-              Clients that are excluded  from  connection  count,
+              Clients  that  are  excluded from connection count,
               connection rate, or SMTP request rate restrictions.
 
        Available in Postfix version 2.3 and later:
@@ -602,52 +606,52 @@ SMTPD(8)                                                              SMTPD(8)
               tiate with this service per time unit.
 
 <b>TARPIT CONTROLS</b>
-       When a remote SMTP client makes errors, the  Postfix  SMTP
-       server  can insert delays before responding. This can help
-       to slow down run-away  software.   The  behavior  is  con-
-       trolled  by  an  error  counter  that counts the number of
-       errors within an SMTP session that a client makes  without
+       When  a  remote SMTP client makes errors, the Postfix SMTP
+       server can insert delays before responding. This can  help
+       to  slow  down  run-away  software.   The behavior is con-
+       trolled by an error counter  that  counts  the  number  of
+       errors  within an SMTP session that a client makes without
        delivering mail.
 
        <b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
               With Postfix version 2.1 and later: the SMTP server
-              response delay after a client has  made  more  than
-              $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>   errors,  and  fewer  than
-              $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without  delivering
+              response  delay  after  a client has made more than
+              $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>  errors,  and  fewer   than
+              $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>  errors, without delivering
               mail.
 
        <b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
-              The  number  of  errors  a  remote  SMTP  client is
-              allowed to make without delivering mail before  the
+              The number  of  errors  a  remote  SMTP  client  is
+              allowed  to make without delivering mail before the
               Postfix SMTP server slows down all its responses.
 
        <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
-              The  maximal  number of errors a remote SMTP client
+              The maximal number of errors a remote  SMTP  client
               is allowed to make without delivering mail.
 
        <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
-              The number of junk commands (NOOP,  VRFY,  ETRN  or
+              The  number  of  junk commands (NOOP, VRFY, ETRN or
               RSET) that a remote SMTP client can send before the
-              Postfix SMTP server starts to increment  the  error
+              Postfix  SMTP  server starts to increment the error
               counter with each junk command.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
-              The  number of recipients that a remote SMTP client
-              can send in excess  of  the  limit  specified  with
+              The number of recipients that a remote SMTP  client
+              can  send  in  excess  of  the limit specified with
               $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,  before  the  Postfix  SMTP
-              server increments the per-session error  count  for
+              server  increments  the per-session error count for
               each excess recipient.
 
 <b>ACCESS POLICY DELEGATION CONTROLS</b>
-       As  of  version 2.1, Postfix can be configured to delegate
-       access policy decisions to an external  server  that  runs
-       outside  Postfix.   See  the  file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
+       As of version 2.1, Postfix can be configured  to  delegate
+       access  policy  decisions  to an external server that runs
+       outside Postfix.  See  the  file  <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>  for
        more information.
 
        <b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
-              The time after which an idle SMTPD  policy  service
+              The  time  after which an idle SMTPD policy service
               connection is closed.
 
        <b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
@@ -655,161 +659,161 @@ SMTPD(8)                                                              SMTPD(8)
               connection is closed.
 
        <b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
-              The time limit for connecting  to,  writing  to  or
+              The  time  limit  for  connecting to, writing to or
               receiving from a delegated SMTPD policy server.
 
 <b>ACCESS CONTROLS</b>
-       The  <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
+       The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction  to
        all the SMTP server access control features.
 
        <b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
-              Wait until the RCPT TO  command  before  evaluating
+              Wait  until  the  RCPT TO command before evaluating
               $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,    $smtpd_helo_restric-
               tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
-              the      ETRN     command     before     evaluating
+              the     ETRN     command     before      evaluating
               $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
               tions.
 
-       <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>  (see  'postconf -d' out-</b>
+       <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf  -d'  out-</b>
        <b>put)</b>
               What   Postfix   features   match   subdomains   of
               "domain.tld" automatically, instead of requiring an
               explicit ".domain.tld" pattern.
 
        <b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
-              Optional  SMTP  server  access  restrictions in the
+              Optional SMTP server  access  restrictions  in  the
               context of a client SMTP connection request.
 
        <b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
               Require that a remote SMTP client introduces itself
-              at  the  beginning of an SMTP session with the HELO
+              at the beginning of an SMTP session with  the  HELO
               or EHLO command.
 
        <b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
-              Optional restrictions that the Postfix SMTP  server
+              Optional  restrictions that the Postfix SMTP server
               applies in the context of the SMTP HELO command.
 
        <b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
-              Optional  restrictions that the Postfix SMTP server
+              Optional restrictions that the Postfix SMTP  server
               applies in the context of the MAIL FROM command.
 
        <b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>           (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
        <b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
               The  access  restrictions  that  the  Postfix  SMTP
-              server  applies  in the context of the RCPT TO com-
+              server applies in the context of the RCPT  TO  com-
               mand.
 
        <b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
-              Optional SMTP server  access  restrictions  in  the
+              Optional  SMTP  server  access  restrictions in the
               context of a client ETRN request.
 
        <b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
-              Forward    mail   with   sender-specified   routing
-              (user[@%!]remote[@%!]site) from  untrusted  clients
+              Forward   mail   with   sender-specified    routing
+              (user[@%!]remote[@%!]site)  from  untrusted clients
               to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
 
        <b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
-              User-defined  aliases for groups of access restric-
+              User-defined aliases for groups of access  restric-
               tions.
 
        <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
-              The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a>  tables
+              The  lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
               instead of the null sender address.
 
        <b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
               Restrict  the  use  of  the  <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a>  SMTP
-              access feature to only  domains  whose  primary  MX
+              access  feature  to  only  domains whose primary MX
               hosts match the listed networks.
 
        Available in Postfix version 2.0 and later:
 
        <b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
-              Optional  access restrictions that the Postfix SMTP
+              Optional access restrictions that the Postfix  SMTP
               server applies in the context of the SMTP DATA com-
               mand.
 
        <b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
-              What  characters are allowed in $name expansions of
+              What characters are allowed in $name expansions  of
               RBL reply templates.
 
        Available in Postfix version 2.1 and later:
 
        <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
-              Request that the Postfix SMTP server  rejects  mail
-              from   unknown   sender  addresses,  even  when  no
-              explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access  restriction
+              Request  that  the Postfix SMTP server rejects mail
+              from  unknown  sender  addresses,  even   when   no
+              explicit  <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
               is specified.
 
        <b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
-              Request  that  the Postfix SMTP server rejects mail
+              Request that the Postfix SMTP server  rejects  mail
               for  unknown  recipient  addresses,  even  when  no
-              explicit  <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
+              explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access  restric-
               tion is specified.
 
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
-              Optional access restrictions that the Postfix  SMTP
-              server  applies  in the context of the SMTP END-OF-
+              Optional  access restrictions that the Postfix SMTP
+              server applies in the context of the  SMTP  END-OF-
               DATA command.
 
 <b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
-       Postfix  version  2.1  introduces  sender  and   recipient
-       address  verification.   This  feature  is  implemented by
-       sending probe email messages that are not actually  deliv-
-       ered.   This  feature  is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
-       <a href="postconf.5.html#reject_unverified_sender">fied_sender</a>   and    <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>    access
-       restrictions.   The status of verification probes is main-
+       Postfix   version  2.1  introduces  sender  and  recipient
+       address verification.   This  feature  is  implemented  by
+       sending  probe email messages that are not actually deliv-
+       ered.  This feature is requested  via  the  <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
+       <a href="postconf.5.html#reject_unverified_sender">fied_sender</a>    and    <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>   access
+       restrictions.  The status of verification probes is  main-
        tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server.  See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>-
-       <a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a>  for  information  about how to configure
+       <a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about  how  to  configure
        and operate the Postfix sender/recipient address verifica-
        tion service.
 
        <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
-              How  many  times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
-              the completion of an address  verification  request
+              How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a>  service  for
+              the  completion  of an address verification request
               in progress.
 
        <b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
-              The  delay between queries for the completion of an
+              The delay between queries for the completion of  an
               address verification request in progress.
 
        <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
-              The sender address to use in  address  verification
+              The  sender  address to use in address verification
               probes.
 
        <b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when  a  recipient  address  is  rejected  by   the
+              The numerical Postfix  SMTP  server  response  code
+              when   a  recipient  address  is  rejected  by  the
               <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
 
        <b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
-              The  numerical  Postfix SMTP server response when a
+              The numerical Postfix SMTP server response  when  a
               recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
               <a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
 
 <b>ACCESS CONTROL RESPONSES</b>
-       The  following  parameters  control  numerical  SMTP reply
+       The following  parameters  control  numerical  SMTP  reply
        codes and/or text responses.
 
        <b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
-              The numerical Postfix  SMTP  server  response  code
-              when  a  client  is  rejected  by  an <a href="access.5.html"><b>access</b>(5)</a> map
+              The  numerical  Postfix  SMTP  server response code
+              when a client  is  rejected  by  an  <a href="access.5.html"><b>access</b>(5)</a>  map
               restriction.
 
        <b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
-              The numerical Postfix  SMTP  server  response  code
-              when  a  remote  SMTP client request is rejected by
+              The  numerical  Postfix  SMTP  server response code
+              when a remote SMTP client request  is  rejected  by
               the "defer" restriction.
 
        <b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
-              The numerical Postfix  SMTP  server  response  code
-              when  the  client HELO or EHLO command parameter is
-              rejected   by   the    <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
+              The  numerical  Postfix  SMTP  server response code
+              when the client HELO or EHLO command  parameter  is
+              rejected    by   the   <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
               restriction.
 
        <b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
-              The  numerical  Postfix  SMTP  server response code
+              The numerical Postfix  SMTP  server  response  code
               when a remote SMTP client request is blocked by the
               <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,             <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
               <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a>    or    <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
@@ -817,53 +821,53 @@ SMTPD(8)                                                              SMTPD(8)
 
        <b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
               The numerical Postfix SMTP server reply code when a
-              client    request    is     rejected     by     the
+              client     request     is     rejected    by    the
               <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
               <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
               restriction.
 
        <b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when a request is  rejected  by  the  <b>reject_plain-</b>
+              The numerical Postfix  SMTP  server  response  code
+              when  a  request  is  rejected by the <b>reject_plain-</b>
               <b>text_session</b> restriction.
 
        <b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when a remote SMTP client request  is  rejected  by
+              The numerical Postfix  SMTP  server  response  code
+              when  a  remote  SMTP client request is rejected by
               the "reject" restriction.
 
        <b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when  a  client  request   is   rejected   by   the
+              The numerical Postfix  SMTP  server  response  code
+              when   a   client   request   is  rejected  by  the
               <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
 
        <b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when a sender or recipient address is  rejected  by
+              The numerical Postfix  SMTP  server  response  code
+              when  a  sender or recipient address is rejected by
               the         <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>         or
               <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
 
        <b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
-              The numerical Postfix  SMTP  server  response  code
-              when  a  client without valid address &lt;=&gt; name map-
+              The  numerical  Postfix  SMTP  server response code
+              when a client without valid address &lt;=&gt;  name  map-
               ping is rejected by the reject_unknown_client_host-
               name restriction.
 
        <b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
-              The  numerical  Postfix  SMTP  server response code
-              when the hostname specified with the HELO  or  EHLO
-              command        is       rejected       by       the
+              The numerical Postfix  SMTP  server  response  code
+              when  the  hostname specified with the HELO or EHLO
+              command       is       rejected       by        the
               <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
 
        Available in Postfix version 2.0 and later:
 
        <b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
-              The default SMTP server  response  template  for  a
-              request  that  is rejected by an RBL-based restric-
+              The  default  SMTP  server  response template for a
+              request that is rejected by an  RBL-based  restric-
               tion.
 
        <b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
-              The numerical Postfix  SMTP  server  response  code
+              The  numerical  Postfix  SMTP  server response code
               when a remote SMTP client request is blocked by the
               <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
 
@@ -872,16 +876,16 @@ SMTPD(8)                                                              SMTPD(8)
 
 <b>MISCELLANEOUS CONTROLS</b>
        <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
-              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
+              The default location of  the  Postfix  <a href="postconf.5.html">main.cf</a>  and
               <a href="master.5.html">master.cf</a> configuration files.
 
        <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
-              How much time a Postfix daemon process may take  to
-              handle  a  request  before  it  is  terminated by a
+              How  much time a Postfix daemon process may take to
+              handle a request  before  it  is  terminated  by  a
               built-in watchdog timer.
 
        <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
-              The location of  all  postfix  administrative  com-
+              The  location  of  all  postfix administrative com-
               mands.
 
        <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@@ -902,36 +906,36 @@ SMTPD(8)                                                              SMTPD(8)
               and most Postfix daemon processes.
 
        <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
-              The maximum amount of time  that  an  idle  Postfix
-              daemon  process  waits for the next service request
+              The  maximum  amount  of  time that an idle Postfix
+              daemon process waits for the next  service  request
               before exiting.
 
        <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
-              The maximal number of connection requests before  a
+              The  maximal number of connection requests before a
               Postfix daemon process terminates.
 
        <b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
               The internet hostname of this mail system.
 
        <b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
-              The  list  of "trusted" SMTP clients that have more
+              The list of "trusted" SMTP clients that  have  more
               privileges than "strangers".
 
        <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
               The domain name that locally-posted mail appears to
-              come  from,  and that locally posted mail is deliv-
+              come from, and that locally posted mail  is  deliv-
               ered to.
 
        <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
-              The process ID  of  a  Postfix  command  or  daemon
+              The  process  ID  of  a  Postfix  command or daemon
               process.
 
        <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
-              The  process  name  of  a Postfix command or daemon
+              The process name of a  Postfix  command  or  daemon
               process.
 
        <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
-              The location of the Postfix top-level queue  direc-
+              The  location of the Postfix top-level queue direc-
               tory.
 
        <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@@ -939,22 +943,22 @@ SMTPD(8)                                                              SMTPD(8)
               sions (user+foo).
 
        <b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
-              The text that follows the 220 status  code  in  the
+              The  text  that  follows the 220 status code in the
               SMTP greeting banner.
 
        <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
               The syslog facility of Postfix logging.
 
        <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
-              The  mail  system  name  that  is  prepended to the
-              process name in syslog  records,  so  that  "smtpd"
+              The mail system  name  that  is  prepended  to  the
+              process  name  in  syslog  records, so that "smtpd"
               becomes, for example, "postfix/smtpd".
 
        Available in Postfix version 2.2 and later:
 
        <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
-              List  of  commands  that  causes  the  Postfix SMTP
-              server to immediately terminate the session with  a
+              List of  commands  that  causes  the  Postfix  SMTP
+              server  to immediately terminate the session with a
               221 code.
 
 <b>SEE ALSO</b>
@@ -983,7 +987,7 @@ SMTPD(8)                                                              SMTPD(8)
        <a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
 
 <b>LICENSE</b>
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 <b>AUTHOR(S)</b>
diff --git a/postfix/man/man5/ldap_table.5 b/postfix/man/man5/ldap_table.5
index 9a0c79f9a..4e22f4987 100644
--- a/postfix/man/man5/ldap_table.5
+++ b/postfix/man/man5/ldap_table.5
@@ -54,8 +54,8 @@ Note: with this form, the passwords for the LDAP sources are
 written in main.cf, which is normally world-readable.  Support
 for this form will be removed in a future Postfix version.
 
-Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
-these now include features previously available only in the
+Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL.
+These include features that were previously available only in the
 Postfix LDAP client. This work also created an opportunity for
 improvements in the LDAP interface. The primary compatibility
 issue is that \fBresult_filter\fR (a name that has caused some
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index e36825ec2..6dce04ea8 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -2723,7 +2723,7 @@ Examples:
 .ft C
 mynetworks = 127.0.0.0/8 168.100.189.0/28
 mynetworks = !192.168.0.1, 192.168.0.0/28
-mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64
+mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
 mynetworks = $config_directory/mynetworks
 mynetworks = hash:/etc/postfix/network_table
 .fi
@@ -4814,6 +4814,18 @@ smtpd_data_restrictions = reject_multi_recipient_bounce
 .fi
 .ad
 .ft R
+.SH smtpd_delay_open_until_valid_rcpt (default: yes)
+Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received. Specify "smtpd_delay_open_until_rcpt =
+yes" to create a mail transaction as soon as the SMTP server receives
+a valid MAIL FROM command.
+.PP
+Postponing the start of a mail transaction reduces the use of
+disk, CPU and memory resources. The downside is that rejected
+recipients are logged with NOQUEUE instead of a mail transaction
+ID. This complicates the logfile analysis of multi-recipient mail.
+.PP
+This feature is available in Postfix 2.3 and later.
 .SH smtpd_delay_reject (default: yes)
 Wait until the RCPT TO command before evaluating
 $smtpd_client_restrictions, $smtpd_helo_restrictions and
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index 59e4a0457..0d2f17f3c 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -121,6 +121,9 @@ remote SMTP client.
 A case insensitive list of EHLO keywords (pipelining, starttls,
 auth, etc.) that the SMTP server will not send in the EHLO response
 to a remote SMTP client.
+.IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR"
+Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received.
 .SH "ADDRESS REWRITING CONTROLS"
 .na
 .nf
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 1b48da42e..cb8c84173 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -1,6 +1,4 @@
-#!/bin/sh
-
-perl -e '
+#!/usr/bin/perl
 
 $printit++ unless $nflag;
 
@@ -420,6 +418,7 @@ while (<>) {
     s;\bsmtpd_client_new_tls_session_rate_limit\b;<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">$&</a>;g;
     s;\bsmtpd_client_restrictions\b;<a href="postconf.5.html#smtpd_client_restrictions">$&</a>;g;
     s;\bsmtpd_data_restrictions\b;<a href="postconf.5.html#smtpd_data_restrictions">$&</a>;g;
+    s;\bsmtpd_delay_open_until_valid_rcpt\b;<a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">$&</a>;g;
     s;\bsmtpd_delay_reject\b;<a href="postconf.5.html#smtpd_delay_reject">$&</a>;g;
     s;\bsmtpd_discard_ehlo_keyword_address_maps\b;<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">$&</a>;g;
     s;\bsmtpd_discard_ehlo_keywords\b;<a href="postconf.5.html#smtpd_discard_ehlo_keywords">$&</a>;g;
@@ -783,5 +782,3 @@ continue {
     else
 	{ $printit++ unless $nflag; }
 }
-
-' "$@"
diff --git a/postfix/proto/IPV6_README.html b/postfix/proto/IPV6_README.html
index f5a8a9006..cf5ed5eed 100644
--- a/postfix/proto/IPV6_README.html
+++ b/postfix/proto/IPV6_README.html
@@ -163,7 +163,7 @@ does for IPv4: </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
-    smtp_bind_address6 = 2001:240:5c7:0:250:56ff:fe89:1
+    smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1
 </pre>
 </blockquote>
 
@@ -175,7 +175,7 @@ setting looks like: </p>
 <blockquote>
 <pre>
 % postconf mynetworks
-mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:5c7::]/64 
+mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64 
 </pre>
 </blockquote>
 
@@ -187,7 +187,7 @@ information inside "<tt>[]</tt>", like this: </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
-    mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:5c7::]/64 ...
+    mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
 </pre>
 </blockquote>
 
@@ -334,7 +334,7 @@ and network masks, for example: </p>
 168.100.189.2/255.255.255.224
 127.0.0.1/255.0.0.0
 fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
-2001:240:5c7:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
+2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
 fe80:5::1/ffff:ffff:ffff:ffff::
 ::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </pre>
diff --git a/postfix/proto/SCHEDULER_README.html b/postfix/proto/SCHEDULER_README.html
index 5d91f6c9b..c81be4857 100644
--- a/postfix/proto/SCHEDULER_README.html
+++ b/postfix/proto/SCHEDULER_README.html
@@ -68,7 +68,7 @@ available.  You already know that oqmgr(8) uses round-robin by destination
 while qmgr(8) uses simple FIFO, except for some preemptive magic.
 The postconf(5) manual documents all the knobs the user
 can use to control this preemptive magic - there is nothing else
-to the preemption than the quite simple conditions described below.
+to the preemption than the quite simple conditions described in there.
 </p>
 
 <p> As for programmer-level documentation, this will have to be
diff --git a/postfix/proto/SMTPD_PROXY_README.html b/postfix/proto/SMTPD_PROXY_README.html
index aeb8871a8..d67c609dc 100644
--- a/postfix/proto/SMTPD_PROXY_README.html
+++ b/postfix/proto/SMTPD_PROXY_README.html
@@ -102,14 +102,13 @@ proxy feature</a>
 <li><a href="#protocol">How Postfix talks to the before-queue content
 filter</a>
 
-<li><a href="#transparency">Transparency</a>
-
 </ul>
 
 <h2><a name="principles">Principles of operation</a></h2>
 
-<p> The before-filter Postfix SMTP server receives mail from the
+<p> The before-filter Postfix SMTP server accepts connections from the
 Internet and does the usual relay access control, SASL authentication,
+TLS negotiation,
 RBL lookups, rejecting non-existent sender or recipient addresses,
 etc.  The before-queue filter receives unfiltered mail content from
 Postfix and does one of the following:  </p>
@@ -346,62 +345,24 @@ pipelining.  Postfix generates its own EHLO, XFORWARD (for logging
 the remote client IP address instead of localhost[127.0.0.1]), DATA
 and QUIT commands, and forwards unmodified copies of all the MAIL
 FROM and RCPT TO commands that the before-filter Postfix SMTP server
-didn't reject itself.  The SMTP proxy server should accept the same
-MAIL FROM and RCPT TO command syntax as the Postfix SMTP server.
+didn't reject itself.
 Postfix sends no other SMTP commands. </p>
 
-<p> The content filter is expected to pass on unmodified SMTP
-commands from a before-filter Postfix SMTP server to an after-filter
-Postfix SMTP server that usually listens on a non-standard port.
-When the filter rejects content, it should send a negative SMTP
+<p> The content filter should accept the same MAIL FROM and RCPT
+TO command syntax as the before-filter Postfix SMTP server, and
+should forward the commands without modification to the after-filter
+SMTP server.  If the content filter or after-filter SMTP server
+does not support all the ESMTP features that the before-filter
+Postfix SMTP server supports, then the missing features must be
+turned off in the before-filter Postfix SMTP server with the
+smtpd_discard_ehlo_keywords parameter. </p>
+
+<p> When the filter rejects content, it should send a negative SMTP
 response back to the before-filter Postfix SMTP server, and it
 should abort the connection with the after-filter Postfix SMTP
 server without completing the SMTP conversation with the after-filter
 Postfix SMTP server. </p>
 
-<p> More detail on the postfix-to-proxy interaction is in the
-section titled "<a href="#transparency">Transparency</a>". </p>
-
-<h2><a name="transparency">Transparency</a></h2>
-
-<p> The before-filter Postfix SMTP server forwards the MAIL FROM,
-RCPT TO and DATA commands that it has approved, but it does not
-forward other commands such as TLS or SASL commands.  It can
-therefore not be transparent. </p>
-
-<p> The real-time content filter, on the other hand, has to be
-transparent.  In order to support non-transparent real-time content
-filters, Postfix would have to reconcile the before-filter Postfix
-ESMTP feature set with the feature set that Postfix receives from
-the real-time content filter. </p>
-
-<ul>
-
-    <li> <p> When a future Postfix version supports DSN, but the
-    content filter does not announce DSN support in the EHLO reply,
-    then the before-filter SMTP server would have to either 1)
-    suppress the DSN feature in its EHLO announcement, or 2)
-    duplicate all the work that needs to be done when delivering
-    DSN-aware mail to a non-DSN destination. </p>
-
-    <li> <p> When the content filter does not announce 8BITMIME
-    support in the EHLO reply, then the before-filter SMTP server
-    would have to either 1) suppress the 8BITMIME feature in its
-    EHLO announcement, or 2) convert the content to quoted-printable
-    before giving it to the content filter. </p>
-
-    <li> <p> Performance: when Postfix has to suppress elements
-    from the before-filter EHLO reply because they are incompatible
-    with the real-time content filter, then Postfix has to connect
-    to the content filter as soon as the client sends a valid EHLO
-    command.  This wastes a lot of resources when all the MAIL FROM
-    or RCPT TO commands are rejected. </p>
-
-</ul>
-
-<p> Therefore, the Postfix SMTP server cannot be transparent with
-respect to the before-queue content filter. </p>
-
 </body>
 
 </html>
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index b16479898..e4ed4bcee 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -130,9 +130,9 @@ done by invoking the command "<tt>make makefiles</tt>" in the Postfix
 top-level directory and with arguments as shown next. </p>
 
 <p> <b> NOTE: Do not use Gnu TLS.  It will spontaneously terminate
-a process with exit status code 2, instead of properly reporting
-problems to Postfix, so that it can log them to the maillog file.
-</b> </p>
+a Postfix daemon process with exit status code 2, instead of allowing
+Postfix to 1) report the error to the maillog file, and to 2) provide
+plaintext service where this is appropriate.  </b> </p>
 
 <ul>
 
@@ -1203,11 +1203,11 @@ verification. This feature requires Postfix 2.2.9 or later.  </p>
     # relayhost exact nexthop match
     [msa.example.net]:587       MUST
 
-    # example.org (as nexthop) has MX hosts with broken TLS.
+    # TLS should not be used with the <i>example.org</i> MX hosts.
     example.org                 NONE
 
-    # Except for (as host) mx1.example.org which works.
-    mx1.example.org             MAY
+    # TLS should not be used with the host <i>smtp.example.com</i>.
+    smtp.example.com             NONE
 </pre>
 </blockquote>
 
diff --git a/postfix/proto/ldap_table b/postfix/proto/ldap_table
index ec2674363..d8d2d2ef0 100644
--- a/postfix/proto/ldap_table
+++ b/postfix/proto/ldap_table
@@ -46,8 +46,8 @@
 #	written in main.cf, which is normally world-readable.  Support
 #	for this form will be removed in a future Postfix version.
 #
-#	Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
-#	these now include features previously available only in the
+#	Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL.
+#	These include features that were previously available only in the
 #	Postfix LDAP client. This work also created an opportunity for
 #	improvements in the LDAP interface. The primary compatibility
 #	issue is that \fBresult_filter\fR (a name that has caused some
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index ab8812b9b..f21b3d0ae 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -2766,7 +2766,7 @@ and would otherwise be confused with a "type:table" pattern.  </p>
 <pre> 
 mynetworks = 127.0.0.0/8 168.100.189.0/28
 mynetworks = !192.168.0.1, 192.168.0.0/28
-mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64 
+mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64 
 mynetworks = $config_directory/mynetworks
 mynetworks = hash:/etc/postfix/network_table
 </pre>
@@ -9240,3 +9240,18 @@ smtp_sasl_tls_verified_security_options configuration parameter.
 See there for details. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
+
+%PARAM smtpd_delay_open_until_valid_rcpt yes
+
+<p> Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received. Specify "smtpd_delay_open_until_rcpt =
+yes" to create a mail transaction as soon as the SMTP server receives
+a valid MAIL FROM command. </p>
+
+<p> Postponing the start of a mail transaction reduces the use of
+disk, CPU and memory resources. The downside is that rejected
+recipients are logged with NOQUEUE instead of a mail transaction
+ID. This complicates the logfile analysis of multi-recipient mail.
+</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c
index 4fcaa492f..524e6c4aa 100644
--- a/postfix/src/cleanup/cleanup_api.c
+++ b/postfix/src/cleanup/cleanup_api.c
@@ -277,12 +277,20 @@ int     cleanup_flush(CLEANUP_STATE *state)
 	     * XXX: When delivering to a non-incoming queue, do not consume
 	     * in_flow tokens. Unfortunately we can't move the code that
 	     * consumes tokens until after the mail is received, because that
-	     * would increase the risk of duplicate deliveries.
+	     * would increase the risk of duplicate deliveries (RFC 1047).
 	     */
 	    (void) mail_flow_put(1);
 	}
 	state->errs = mail_stream_finish(state->handle, (VSTRING *) 0);
     } else {
+
+	/*
+	 * XXX: When discarding mail, should we consume in_flow tokens? See
+	 * also the comments above for mail that is placed on hold.
+	 */
+#if 0
+	(void) mail_flow_put(1);
+#endif
 	mail_stream_cleanup(state->handle);
     }
     state->handle = 0;
diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in
index fc13115f0..2a16d5f29 100644
--- a/postfix/src/global/Makefile.in
+++ b/postfix/src/global/Makefile.in
@@ -274,7 +274,7 @@ own_inet_addr: own_inet_addr.c $(LIB) $(LIBS)
 tests: tok822_test mime_test mime_nest mime_8bit mime_dom mime_trunc \
 	mime_cvt mime_cvt2 mime_cvt3 strip_addr_test tok822_limit_test \
 	xtext_test scache_multi_test ehlo_mask_test \
-	namadr_list_test
+	namadr_list_test mail_conf_time_test
 
 root_tests: rewrite_clnt_test resolve_clnt_test
 
@@ -389,6 +389,11 @@ namadr_list_test: namadr_list namadr_list.in namadr_list.ref
 	diff namadr_list.ref namadr_list.tmp
 	rm -f namadr_list.tmp
 
+mail_conf_time_test: mail_conf_time mail_conf_time.ref
+	./mail_conf_time >mail_conf_time.tmp
+	diff mail_conf_time.ref mail_conf_time.tmp
+	rm -f mail_conf_time.tmp
+
 printfck: $(OBJS) $(PROG)
 	rm -rf printfck
 	mkdir printfck
diff --git a/postfix/src/global/conv_time.c b/postfix/src/global/conv_time.c
index 0640623a3..508e85326 100644
--- a/postfix/src/global/conv_time.c
+++ b/postfix/src/global/conv_time.c
@@ -6,9 +6,9 @@
 /* SYNOPSIS
 /*	#include <conv_time.h>
 /*
-/*	int	conv_time(strval, intval, def_unit);
+/*	int	conv_time(strval, timval, def_unit);
 /*	const char *strval;
-/*	int	*intval;
+/*	int	*timval;
 /*	int	def_unit;
 /* DESCRIPTION
 /*	conv_time() converts a numerical time value with optional
@@ -19,7 +19,7 @@
 /*	Arguments:
 /* .IP strval
 /*	Input value.
-/* .IP intval
+/* .IP timval
 /*	Result pointer.
 /* .IP def_unit
 /*	The default time unit suffix character.
@@ -40,6 +40,7 @@
 /* System library. */
 
 #include <sys_defs.h>
+#include <limits.h>			/* INT_MAX */
 #include <stdio.h>			/* sscanf() */
 
 /* Utility library. */
@@ -57,29 +58,49 @@
 
 /* conv_time - convert time value */
 
-int     conv_time(const char *strval, int *intval, int def_unit)
+int     conv_time(const char *strval, int *timval, int def_unit)
 {
     char    unit;
     char    junk;
+    int     intval;
 
-    switch (sscanf(strval, "%d%c%c", intval, &unit, &junk)) {
+    switch (sscanf(strval, "%d%c%c", &intval, &unit, &junk)) {
     case 1:
 	unit = def_unit;
     case 2:
+	if (intval < 0)
+	    return (0);
 	switch (unit) {
 	case 'w':
-	    *intval *= WEEK;
-	    return (1);
+	    if (intval < INT_MAX / WEEK) {
+		*timval = intval * WEEK;
+		return (1);
+	    } else {
+		return (0);
+	    }
 	case 'd':
-	    *intval *= DAY;
-	    return (1);
+	    if (intval < INT_MAX / DAY) {
+		*timval = intval * DAY;
+		return (1);
+	    } else {
+		return (0);
+	    }
 	case 'h':
-	    *intval *= HOUR;
-	    return (1);
+	    if (intval < INT_MAX / HOUR) {
+		*timval = intval * HOUR;
+		return (1);
+	    } else {
+		return (0);
+	    }
 	case 'm':
-	    *intval *= MINUTE;
-	    return (1);
+	    if (intval < INT_MAX / MINUTE) {
+		*timval = intval * MINUTE;
+		return (1);
+	    } else {
+		return (0);
+	    }
 	case 's':
+	    *timval = intval;
 	    return (1);
 	}
     }
diff --git a/postfix/src/global/db_common.c b/postfix/src/global/db_common.c
index b5ab21e6b..183f0db0f 100644
--- a/postfix/src/global/db_common.c
+++ b/postfix/src/global/db_common.c
@@ -205,6 +205,12 @@ int db_common_parse(DICT *dict, void **ctxPtr, const char *format, int query)
 		break;
 	    case '1': case '2': case '3': case '4': case '5':
 	    case '6': case '7': case '8': case '9':
+	    	/*
+		 * Find highest %[1-9] index in query template. Input keys
+		 * will be constrained to those with at least this many
+		 * domain components. This makes the db_common_expand()
+		 * code safe from invalid inputs.
+		 */
 	    	if (ctx->nparts < *cp - '0')
 		    ctx->nparts = *cp - '0';
 		/* FALLTHROUGH */
@@ -324,7 +330,9 @@ int db_common_expand(void *ctxArg, const char *format, const char *value,
     if (ctx->nparts > 0) {
     	parts = argv_split(key ? kdomain : vdomain, ".");
 	/*
-	 * Skip domains that lack enough labels to fill-in the template.
+	 * Filter out input keys whose domains lack enough labels
+	 * to fill-in the query template. See below and also 
+	 * db_common_parse() which initializes ctx->nparts.
 	 */
 	if (parts->argc < ctx->nparts) {
 	    argv_free(parts);
@@ -418,6 +426,14 @@ int db_common_expand(void *ctxArg, const char *format, const char *value,
 
 	    case '1': case '2': case '3': case '4': case '5':
 	    case '6': case '7': case '8': case '9':
+	    	/*
+		 * Interpolate %[1-9] components into the query string.
+		 * By this point db_common_parse() has identified the
+		 * highest component index, and (see above) keys with
+		 * fewer components have been filtered out. The "parts"
+		 * ARGV is guaranteed to be initialized and hold enough
+		 * elements to satisfy the query template.
+		 */
 		QUOTE_VAL(ctx->dict, quote_func,
 			  parts->argv[parts->argc-(*cp-'0')], result);
 		break;
diff --git a/postfix/src/global/deliver_request.h b/postfix/src/global/deliver_request.h
index ba3afb5b3..e0d520ae9 100644
--- a/postfix/src/global/deliver_request.h
+++ b/postfix/src/global/deliver_request.h
@@ -65,8 +65,8 @@ typedef struct DELIVER_REQUEST {
 #define DEL_REQ_FLAG_SUCCESS	(1<<0)	/* delete successful recipients */
 #define DEL_REQ_FLAG_BOUNCE	(1<<1)	/* unimplemented */
 
-#define DEL_REQ_FLAG_MTA_VRFY	(1<<8)	/* verify recipient, don't deliver */
-#define DEL_REQ_FLAG_USR_VRFY	(1<<9)	/* verify expansion, don't deliver */
+#define DEL_REQ_FLAG_MTA_VRFY	(1<<8)	/* MTA-requested address probe */
+#define DEL_REQ_FLAG_USR_VRFY	(1<<9)	/* user-requested address probe */
 #define DEL_REQ_FLAG_RECORD	(1<<10)	/* record and deliver */
 #define DEL_REQ_FLAG_SCACHE	(1<<11)	/* opportunistic caching */
 
diff --git a/postfix/src/global/mail_conf_time.c b/postfix/src/global/mail_conf_time.c
index 326d7724c..c90beebce 100644
--- a/postfix/src/global/mail_conf_time.c
+++ b/postfix/src/global/mail_conf_time.c
@@ -94,7 +94,7 @@ static int convert_mail_conf_time(const char *name, int *intval, int def_unit)
     if ((strval = mail_conf_lookup_eval(name)) == 0)
 	return (0);
     if (conv_time(strval, intval, def_unit) == 0)
-	msg_fatal("parameter %s: bad time unit: %s", name, strval);
+	msg_fatal("parameter %s: bad time value or unit: %s", name, strval);
     return (1);
 }
 
diff --git a/postfix/src/global/mail_conf_time.ref b/postfix/src/global/mail_conf_time.ref
new file mode 100644
index 000000000..d6ef0b1e0
--- /dev/null
+++ b/postfix/src/global/mail_conf_time.ref
@@ -0,0 +1,5 @@
+10 seconds = 1
+10 minutes = 600
+10 hours = 36000
+10 days = 864000
+10 weeks = 6048000
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 7d8eb85e1..613ce47c9 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -1167,6 +1167,10 @@ extern char *var_smtpd_tls_scache_db;
 #define DEF_SMTPD_TLS_SCACHTIME	"3600s"
 extern int var_smtpd_tls_scache_timeout;
 
+#define VAR_SMTPD_DELAY_OPEN	"smtpd_delay_open_until_valid_rcpt"
+#define DEF_SMTPD_DELAY_OPEN	1
+extern bool var_smtpd_delay_open;
+
 #define VAR_SMTP_TLS_PER_SITE	"smtp_tls_per_site"
 #define DEF_SMTP_TLS_PER_SITE	""
 #define VAR_LMTP_TLS_PER_SITE	"lmtp_tls_per_site"
diff --git a/postfix/src/global/mail_run.c b/postfix/src/global/mail_run.c
index 45b786a9d..f3764345f 100644
--- a/postfix/src/global/mail_run.c
+++ b/postfix/src/global/mail_run.c
@@ -92,6 +92,8 @@ int     mail_run_foreground(const char *dir, char **argv)
 	    msg_warn("fork %s: %m", path);
 	    break;
 	case 0:
+	    /* Reset the msg_cleanup() handlers in the child process. */
+	    (void) msg_cleanup((MSG_CLEANUP_FN) 0);
 	    execv(path, argv);
 	    msg_fatal("execv %s: %m", path);
 	default:
@@ -124,6 +126,8 @@ int     mail_run_background(const char *dir, char **argv)
 	    msg_warn("fork %s: %m", path);
 	    break;
 	case 0:
+	    /* Reset the msg_cleanup() handlers in the child process. */
+	    (void) msg_cleanup((MSG_CLEANUP_FN) 0);
 	    execv(path, argv);
 	    msg_fatal("execv %s: %m", path);
 	default:
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 2a0240f78..a13886bb5 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060207"
+#define MAIL_RELEASE_DATE	"20060307"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/pipe_command.c b/postfix/src/global/pipe_command.c
index b0caa5cba..fe02a3226 100644
--- a/postfix/src/global/pipe_command.c
+++ b/postfix/src/global/pipe_command.c
@@ -353,6 +353,13 @@ static int pipe_command_wait_or_kill(pid_t pid, WAIT_STATUS_T *statusp, int sig,
     return (n);
 }
 
+/* pipe_child_cleanup - child fatal error handler */
+
+static void pipe_child_cleanup(void)
+{
+    exit(EX_TEMPFAIL);
+}
+
 /* pipe_command - execute command with extreme prejudice */
 
 int     pipe_command(VSTREAM *src, DSN_BUF *why,...)
@@ -434,8 +441,13 @@ int     pipe_command(VSTREAM *src, DSN_BUF *why,...)
 	/*
 	 * Child. Run the child in a separate process group so that the
 	 * parent can kill not just the child but also its offspring.
+	 * 
+	 * Redirect fatal exits to our own fatal exit handler (never leave the
+	 * parent's handler enabled :-) so we can replace random exit status
+	 * codes by EX_TEMPFAIL.
 	 */
     case 0:
+	(void) msg_cleanup(pipe_child_cleanup);
 	set_ugid(args.uid, args.gid);
 	if (setsid() < 0)
 	    msg_warn("setsid failed: %m");
@@ -455,12 +467,10 @@ int     pipe_command(VSTREAM *src, DSN_BUF *why,...)
 	/*
 	 * Working directory plumbing.
 	 */
-	if (args.cwd && chdir(args.cwd) < 0) {
-	    msg_warn("cannot change directory to \"%s\" for uid=%lu gid=%lu: %m",
-		     args.cwd, (unsigned long) args.uid,
-		     (unsigned long) args.gid);
-	    exit(EX_TEMPFAIL);
-	}
+	if (args.cwd && chdir(args.cwd) < 0)
+	    msg_fatal("cannot change directory to \"%s\" for uid=%lu gid=%lu: %m",
+		      args.cwd, (unsigned long) args.uid,
+		      (unsigned long) args.gid);
 
 	/*
 	 * Environment plumbing. Always reset the command search path. XXX
@@ -477,6 +487,11 @@ int     pipe_command(VSTREAM *src, DSN_BUF *why,...)
 
 	/*
 	 * Process plumbing. If possible, avoid running a shell.
+	 * 
+	 * From this point we would like to handle fatal errors ourselves
+	 * (ENOMEM would probably be one of the few soft error conditions).
+	 * For that we have to update exec_command() first so it returns an
+	 * error indication instead of terminating the process.
 	 */
 	closelog();
 	if (args.argv) {
diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c
index d361b2c55..fdf883225 100644
--- a/postfix/src/master/multi_server.c
+++ b/postfix/src/master/multi_server.c
@@ -260,6 +260,7 @@ int     multi_server_drain(void)
 	return (-1);
 	/* Finish existing clients in the background, then terminate. */
     case 0:
+	(void) msg_cleanup((MSG_CLEANUP_FN) 0);
 	for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++)
 	    event_disable_readwrite(fd);
 	var_use_limit = 1;
diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c
index 967d9fb5a..d8670c97a 100644
--- a/postfix/src/pipe/pipe.c
+++ b/postfix/src/pipe/pipe.c
@@ -568,6 +568,7 @@ static void morph_recipient(VSTRING *buf, const char *address, int flags)
 	    *cp = '@';
 	    break;
 	}
+	/* FALLTHROUGH */
     case PIPE_OPT_FOLD_USER | PIPE_OPT_FOLD_HOST:
 	lowercase(STR(buf));
 	break;
diff --git a/postfix/src/postlock/postlock.c b/postfix/src/postlock/postlock.c
index 02cfbf738..ab3a4ecf3 100644
--- a/postfix/src/postlock/postlock.c
+++ b/postfix/src/postlock/postlock.c
@@ -239,6 +239,7 @@ int     main(int argc, char **argv)
     }
     switch (pid) {
     case 0:
+	(void) msg_cleanup((MSG_CLEANUP_FN) 0);
 	execvp(command[0], command);
 	msg_fatal("execvp %s: %m", command[0]);
     default:
diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c
index d5efe0c75..03dfb0f86 100644
--- a/postfix/src/smtp/smtp_addr.c
+++ b/postfix/src/smtp/smtp_addr.c
@@ -247,6 +247,16 @@ static DNS_RR *smtp_addr_list(DNS_RR *mx_names, DSN_BUF *why)
      * correctly handle the case of no resolvable MX host. Currently this is
      * always treated as a soft error. RFC 2821 wants a more precise
      * response.
+     * 
+     * XXX dns_lookup() enables RES_DEFNAMES. This is wrong for names found in
+     * MX records - we should not append the local domain to dot-less names.
+     * 
+     * XXX However, this is not the only problem. If we use the native name
+     * service for host lookup, then it will usually enable RES_DNSRCH which
+     * appends local domain information to all lookups. In particular,
+     * getaddrinfo() may invoke a resolver that runs in a different process
+     * (NIS server, nscd), so we can't even reliably turn this off by
+     * tweaking the in-process resolver flags.
      */
     for (rr = mx_names; rr; rr = rr->next) {
 	if (rr->type != T_MX)
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 74a90af2f..46811f889 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -105,6 +105,9 @@
 /*	A case insensitive list of EHLO keywords (pipelining, starttls,
 /*	auth, etc.) that the SMTP server will not send in the EHLO response
 /*	to a remote SMTP client.
+/* .IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR"
+/*	Postpone the start of an SMTP mail transaction until a valid
+/*	RCPT TO command is received.
 /* ADDRESS REWRITING CONTROLS
 /* .ad
 /* .fi
@@ -960,6 +963,7 @@ char   *var_smtpd_sasl_tls_opts;
 
 bool    var_smtpd_peername_lookup;
 int     var_plaintext_code;
+bool    var_smtpd_delay_open;
 
  /*
   * Silly little macros.
@@ -1275,31 +1279,46 @@ static void helo_reset(SMTPD_STATE *state)
 
 /* mail_open_stream - open mail queue file or IPC stream */
 
-static void mail_open_stream(SMTPD_STATE *state)
+static int mail_open_stream(SMTPD_STATE *state)
 {
-    char   *postdrop_command;
-    int     cleanup_flags;
 
     /*
-     * XXX 2821: An SMTP server is not allowed to "clean up" mail except in
-     * the case of original submissions. Presently, Postfix always runs all
-     * mail through the cleanup server.
-     * 
-     * We could approximate the RFC as follows: Postfix rewrites mail if it
-     * comes from a source that we are willing to relay for. This way, we
-     * avoid rewriting most mail that comes from elsewhere. However, that
-     * requires moving functionality away from the cleanup daemon elsewhere,
-     * such as virtual address expansion, and header/body pattern matching.
+     * Connect to the before-queue filter when one is configured. The MAIL
+     * FROM and RCPT TO commands are forwarded as received (including DSN
+     * attributes), with the exception that the before-filter smtpd process
+     * handles all authentication, encryption, access control and relay
+     * control, and that the before-filter smtpd process does not forward
+     * blocked commands. If the after-filter smtp server does not support
+     * some of Postfix's ESMTP features, then they must be turned off in the
+     * before-filter smtpd process with the smtpd_discard_ehlo_keywords
+     * feature.
      */
+    if (state->proxy_mail) {
+	smtpd_check_rewrite(state);
+	if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
+			     var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
+			     state->proxy_mail) != 0) {
+	    smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
+	    return (-1);
+	}
+    }
 
     /*
      * If running from the master or from inetd, connect to the cleanup
      * service.
+     * 
+     * XXX 2821: An SMTP server is not allowed to "clean up" mail except in the
+     * case of original submissions.
+     * 
+     * We implement this by distinguishing between mail that we are willing to
+     * rewrite (the local rewrite context) and mail from elsewhere.
      */
-    cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_MASK_EXTERNAL,
-					 smtpd_input_transp_mask);
+    else if (SMTPD_STAND_ALONE(state) == 0) {
+	int     cleanup_flags;
 
-    if (SMTPD_STAND_ALONE(state) == 0) {
+	smtpd_check_rewrite(state);
+	cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_MASK_EXTERNAL,
+					     smtpd_input_transp_mask);
 	state->dest = mail_stream_service(MAIL_CLASS_PUBLIC,
 					  var_cleanup_service);
 	if (state->dest == 0
@@ -1315,6 +1334,8 @@ static void mail_open_stream(SMTPD_STATE *state)
      * XXX Make postdrop a manifest constant.
      */
     else {
+	char   *postdrop_command;
+
 	postdrop_command = concatenate(var_command_dir, "/postdrop",
 			      msg_verbose ? " -v" : (char *) 0, (char *) 0);
 	state->dest = mail_stream_command(postdrop_command);
@@ -1322,86 +1343,101 @@ static void mail_open_stream(SMTPD_STATE *state)
 	    msg_fatal("unable to execute %s", postdrop_command);
 	myfree(postdrop_command);
     }
-    state->cleanup = state->dest->stream;
-    state->queue_id = mystrdup(state->dest->id);
 
     /*
      * Record the time of arrival, the SASL-related stuff if applicable, the
      * sender envelope address, some session information, and some additional
      * attributes.
      */
-    if (SMTPD_STAND_ALONE(state) == 0) {
-	rec_fprintf(state->cleanup, REC_TYPE_TIME, REC_TYPE_TIME_FORMAT,
-		    REC_TYPE_TIME_ARG(state->arrival_time));
-	if (*var_filter_xport)
-	    rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
-	rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-		    MAIL_ATTR_RWR_CONTEXT, FORWARD_DOMAIN(state));
+    if (state->dest) {
+	state->cleanup = state->dest->stream;
+	state->queue_id = mystrdup(state->dest->id);
+	if (SMTPD_STAND_ALONE(state) == 0) {
+	    rec_fprintf(state->cleanup, REC_TYPE_TIME, REC_TYPE_TIME_FORMAT,
+			REC_TYPE_TIME_ARG(state->arrival_time));
+	    if (*var_filter_xport)
+		rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
+	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			MAIL_ATTR_RWR_CONTEXT, FORWARD_DOMAIN(state));
 #ifdef USE_SASL_AUTH
-	if (var_smtpd_sasl_enable) {
-	    if (state->sasl_method)
-		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			    MAIL_ATTR_SASL_METHOD, state->sasl_method);
-	    if (state->sasl_username)
-		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			    MAIL_ATTR_SASL_USERNAME, state->sasl_username);
-	    if (state->sasl_sender)
+	    if (var_smtpd_sasl_enable) {
+		if (state->sasl_method)
+		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+				MAIL_ATTR_SASL_METHOD, state->sasl_method);
+		if (state->sasl_username)
+		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			     MAIL_ATTR_SASL_USERNAME, state->sasl_username);
+		if (state->sasl_sender)
+		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+				MAIL_ATTR_SASL_SENDER, state->sasl_sender);
+	    }
+#endif
+
+	    /*
+	     * Record DSN related information that was received with the MAIL
+	     * FROM command.
+	     * 
+	     * RFC 3461 Section 5.2.1. If no ENVID parameter was included in the
+	     * MAIL command when the message was received, the ENVID
+	     * parameter MUST NOT be supplied when the message is relayed.
+	     * Ditto for the RET parameter.
+	     * 
+	     * In other words, we can't simply make up our default ENVID or RET
+	     * values. We have to remember whether the client sent any.
+	     * 
+	     * We store DSN information as named attribute records so that we
+	     * don't have to pollute the queue file with records that are
+	     * incompatible with past Postfix versions. Preferably, people
+	     * should be able to back out from an upgrade without losing
+	     * mail.
+	     */
+	    if (state->dsn_envid)
 		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			    MAIL_ATTR_SASL_SENDER, state->sasl_sender);
+			    MAIL_ATTR_DSN_ENVID, state->dsn_envid);
+	    if (state->dsn_ret)
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%d",
+			    MAIL_ATTR_DSN_RET, state->dsn_ret);
 	}
-#endif
+	rec_fputs(state->cleanup, REC_TYPE_FROM, state->sender);
+	if (state->encoding != 0)
+	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			MAIL_ATTR_ENCODING, state->encoding);
 
 	/*
-	 * Record DSN related information that was received with the MAIL
-	 * FROM command.
-	 * 
-	 * RFC 3461 Section 5.2.1. If no ENVID parameter was included in the
-	 * MAIL command when the message was received, the ENVID parameter
-	 * MUST NOT be supplied when the message is relayed. Ditto for the
-	 * RET parameter.
-	 * 
-	 * In other words, we can't simply make up our default ENVID or RET
-	 * values. We have to remember whether the client sent any.
-	 * 
-	 * We store DSN information as named attribute records so that we don't
-	 * have to pollute the queue file with records that are incompatible
-	 * with past Postfix versions. Preferably, people should be able to
-	 * back out from an upgrade without losing mail.
+	 * Store the client attributes for logging purposes.
 	 */
-	if (state->dsn_envid)
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_DSN_ENVID, state->dsn_envid);
-	if (state->dsn_ret)
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%d",
-			MAIL_ATTR_DSN_RET, state->dsn_ret);
+	if (SMTPD_STAND_ALONE(state) == 0) {
+	    if (IS_AVAIL_CLIENT_NAME(FORWARD_NAME(state)))
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			    MAIL_ATTR_CLIENT_NAME, FORWARD_NAME(state));
+	    if (IS_AVAIL_CLIENT_ADDR(FORWARD_ADDR(state)))
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			    MAIL_ATTR_CLIENT_ADDR, FORWARD_ADDR(state));
+	    if (IS_AVAIL_CLIENT_NAMADDR(FORWARD_NAMADDR(state)))
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			    MAIL_ATTR_ORIGIN, FORWARD_NAMADDR(state));
+	    if (IS_AVAIL_CLIENT_HELO(FORWARD_HELO(state)))
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			    MAIL_ATTR_HELO_NAME, FORWARD_HELO(state));
+	    if (IS_AVAIL_CLIENT_PROTO(FORWARD_PROTO(state)))
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			    MAIL_ATTR_PROTO_NAME, FORWARD_PROTO(state));
+	}
+	if (state->verp_delims)
+	    rec_fputs(state->cleanup, REC_TYPE_VERP, state->verp_delims);
     }
-    rec_fputs(state->cleanup, REC_TYPE_FROM, state->sender);
-    if (state->encoding != 0)
-	rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-		    MAIL_ATTR_ENCODING, state->encoding);
 
     /*
-     * Store the client attributes for logging purposes.
+     * Log the queue ID with the message origin.
      */
-    if (SMTPD_STAND_ALONE(state) == 0) {
-	if (IS_AVAIL_CLIENT_NAME(FORWARD_NAME(state)))
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_CLIENT_NAME, FORWARD_NAME(state));
-	if (IS_AVAIL_CLIENT_ADDR(FORWARD_ADDR(state)))
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_CLIENT_ADDR, FORWARD_ADDR(state));
-	if (IS_AVAIL_CLIENT_NAMADDR(FORWARD_NAMADDR(state)))
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_ORIGIN, FORWARD_NAMADDR(state));
-	if (IS_AVAIL_CLIENT_HELO(FORWARD_HELO(state)))
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_HELO_NAME, FORWARD_HELO(state));
-	if (IS_AVAIL_CLIENT_PROTO(FORWARD_PROTO(state)))
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_PROTO_NAME, FORWARD_PROTO(state));
-    }
-    if (state->verp_delims)
-	rec_fputs(state->cleanup, REC_TYPE_VERP, state->verp_delims);
+#ifdef USE_SASL_AUTH
+    if (var_smtpd_sasl_enable)
+	smtpd_sasl_mail_log(state);
+    else
+#endif
+	msg_info("%s: client=%s", state->queue_id ?
+		 state->queue_id : "NOQUEUE", FORWARD_NAMADDR(state));
+    return (0);
 }
 
 /* extract_addr - extract address from rubble */
@@ -1712,6 +1748,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	state->dsn_envid = mystrdup(STR(state->dsn_buf));
     if (USE_SMTPD_PROXY(state))
 	state->proxy_mail = mystrdup(STR(state->buffer));
+    if (var_smtpd_delay_open == 0 && mail_open_stream(state) < 0)
+	return (-1);
     smtpd_chat_reply(state, "250 2.1.0 Ok");
     return (0);
 }
@@ -1910,31 +1948,8 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
      * Don't access the proxy, queue file, or queue file writer process until
      * we have a valid recipient address.
      */
-    if (state->proxy == 0 && state->cleanup == 0) {
-	if (!SMTPD_STAND_ALONE(state))
-	    smtpd_check_rewrite(state);
-	if (state->proxy_mail) {
-	    if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
-				 var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
-				 state->proxy_mail) != 0) {
-		smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
-		return (-1);
-	    }
-	} else {
-	    mail_open_stream(state);
-	}
-
-	/*
-	 * Log the queue ID with the message origin.
-	 */
-#ifdef USE_SASL_AUTH
-	if (var_smtpd_sasl_enable)
-	    smtpd_sasl_mail_log(state);
-	else
-#endif
-	    msg_info("%s: client=%s", state->queue_id ?
-		     state->queue_id : "NOQUEUE", FORWARD_NAMADDR(state));
-    }
+    if (state->proxy == 0 && state->cleanup == 0 && mail_open_stream(state) < 0)
+	return (-1);
 
     /*
      * Proxy the recipient. OK, so we lied. If the real-time proxy rejects
@@ -3769,6 +3784,7 @@ int     main(int argc, char **argv)
 	VAR_SMTPD_TLS_RECHEAD, DEF_SMTPD_TLS_RECHEAD, &var_smtpd_tls_received_header,
 #endif
 	VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup,
+	VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open,
 	0,
     };
     static CONFIG_STR_TABLE str_table[] = {
diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c
index 2cb7ca853..3a25270f4 100644
--- a/postfix/src/smtpd/smtpd_proxy.c
+++ b/postfix/src/smtpd/smtpd_proxy.c
@@ -349,26 +349,31 @@ int     smtpd_proxy_open(SMTPD_STATE *state, const char *service,
     if (state->proxy_xforward_features) {
 	buf = vstring_alloc(100);
 	bad = 0;
-	if ((!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_NAME)
-	     || !(bad = smtpd_xforward(state, buf, XFORWARD_NAME,
-				  IS_AVAIL_CLIENT_NAME(FORWARD_NAME(state)),
-				       FORWARD_NAME(state))))
-	    && (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_ADDR)
-		|| !(bad = smtpd_xforward(state, buf, XFORWARD_ADDR,
-				  IS_AVAIL_CLIENT_ADDR(FORWARD_ADDR(state)),
-					  FORWARD_ADDR(state))))
-	    && (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_HELO)
-		|| !(bad = smtpd_xforward(state, buf, XFORWARD_HELO,
-				  IS_AVAIL_CLIENT_HELO(FORWARD_HELO(state)),
-					  FORWARD_HELO(state))))
-	  && (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_PROTO)
-	      || !(bad = smtpd_xforward(state, buf, XFORWARD_PROTO,
-				IS_AVAIL_CLIENT_PROTO(FORWARD_PROTO(state)),
-					FORWARD_PROTO(state))))
-	 && (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_DOMAIN)
-	     || !(bad = smtpd_xforward(state, buf, XFORWARD_DOMAIN, 1,
+	if (state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_NAME)
+	    bad = smtpd_xforward(state, buf, XFORWARD_NAME,
+				 IS_AVAIL_CLIENT_NAME(FORWARD_NAME(state)),
+				 FORWARD_NAME(state));
+	if (bad == 0
+	    && (state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_ADDR))
+	    bad = smtpd_xforward(state, buf, XFORWARD_ADDR,
+				 IS_AVAIL_CLIENT_ADDR(FORWARD_ADDR(state)),
+				 FORWARD_ADDR(state));
+	if (bad == 0
+	    && (state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_HELO))
+	    bad = smtpd_xforward(state, buf, XFORWARD_HELO,
+				 IS_AVAIL_CLIENT_HELO(FORWARD_HELO(state)),
+				 FORWARD_HELO(state));
+	if (bad == 0
+	    && (state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_PROTO))
+	    bad = smtpd_xforward(state, buf, XFORWARD_PROTO,
+				 IS_AVAIL_CLIENT_PROTO(FORWARD_PROTO(state)),
+				 FORWARD_PROTO(state));
+	if (bad == 0
+	  && (state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_DOMAIN))
+	    bad = smtpd_xforward(state, buf, XFORWARD_DOMAIN, 1,
 			 STREQ(FORWARD_DOMAIN(state), MAIL_ATTR_RWR_LOCAL) ?
-				XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE))))
+				 XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
+	if (bad == 0)
 	    bad = smtpd_xforward_flush(state, buf);
 	vstring_free(buf);
 	if (bad) {
diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c
index 042ee2984..87ab4e9f7 100644
--- a/postfix/src/tls/tls_verify.c
+++ b/postfix/src/tls/tls_verify.c
@@ -260,13 +260,13 @@ static char *tls_text_name(X509_NAME *name, int nid, char *label, int gripe)
      * Standard UTF8 does not encode NUL as 0b11000000, that is
      * a Java "feature". So we need to check for embedded NULs.
      */
-    if (strlen(tmp) != len) {
+    if (strlen((char *) tmp) != len) {
 	msg_warn("internal NUL in peer %s", label);
 	OPENSSL_free(tmp);
 	return (0);
     }
 
-    result = mystrdup(tmp);
+    result = mystrdup((char *) tmp);
     OPENSSL_free(tmp);
     return (result);
 }
diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c
index 45e507d0b..1e5df5a2b 100644
--- a/postfix/src/trivial-rewrite/rewrite.c
+++ b/postfix/src/trivial-rewrite/rewrite.c
@@ -174,7 +174,8 @@ void    rewrite_tree(RWR_CONTEXT *context, TOK822 *tree)
 	 * Append missing @origin
 	 */
 	else if (var_append_at_myorigin != 0
-		 && context->origin[0][0] != 0) {
+		 && REW_PARAM_VALUE(context->origin) != 0
+		 && REW_PARAM_VALUE(context->origin)[0] != 0) {
 	    domain = tok822_sub_append(tree, tok822_alloc('@', (char *) 0));
 	    tok822_sub_append(tree, tok822_scan(REW_PARAM_VALUE(context->origin),
 						(TOK822 **) 0));
@@ -187,7 +188,8 @@ void    rewrite_tree(RWR_CONTEXT *context, TOK822 *tree)
      * alone.
      */
     if (var_append_dot_mydomain != 0
-	&& context->domain[0][0] != 0
+	&& REW_PARAM_VALUE(context->domain) != 0
+	&& REW_PARAM_VALUE(context->domain)[0] != 0
 	&& (domain = tok822_rfind_type(tree->tail, '@')) != 0
 	&& domain != tree->tail
 	&& tok822_find_type(domain, TOK822_DOMLIT) == 0
diff --git a/postfix/src/util/msg.c b/postfix/src/util/msg.c
index fd3605862..3aac01976 100644
--- a/postfix/src/util/msg.c
+++ b/postfix/src/util/msg.c
@@ -81,6 +81,14 @@
 /*	Some output functions may suffer from intentional or accidental
 /*	record length restrictions that are imposed by library routines
 /*	and/or by the runtime environment.
+/*
+/*	Code that spawns a child process should almost always reset
+/*	the cleanup handler. The exception is when the parent exits
+/*	immediately and the child continues.
+/*
+/*	msg_cleanup() may be unsafe in code that changes process
+/*	privileges, because the call-back routine may run with the
+/*	wrong privileges.
 /* LICENSE
 /* .ad
 /* .fi
diff --git a/postfix/src/util/vstream_popen.c b/postfix/src/util/vstream_popen.c
index e8804d0a1..d988d7e8b 100644
--- a/postfix/src/util/vstream_popen.c
+++ b/postfix/src/util/vstream_popen.c
@@ -217,6 +217,7 @@ VSTREAM *vstream_popen(int flags,...)
 	(void) close(sockfd[1]);
 	return (0);
     case 0:					/* child */
+	(void) msg_cleanup((MSG_CLEANUP_FN) 0);
 	if (close(sockfd[1]))
 	    msg_warn("close: %m");
 	for (fd = 0; fd < 2; fd++)